Additional privacy policy for the Facebook Fanpage

Content:
I. Data controllers in common
II. Contact details for data protection
III. General information about data processing
IV. Automatic data processing when visiting our Facebook fan page
V. Collection, processing and use of your personal data by us
VI. Legal Basis
VII. Rights of the data subject


I. Data controllers in common

You are on the Facebook Fanpage of:

Tamasu Butterfly Europe GmbH
Kommunikationsstr. 8
47807 Krefeld
Germany
Telephone number: + 49-2151-935670
Email: cs [at] butterfly.tt

We use the technical information offered here for the information service
Platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square
Grand Canal Harbor, Dublin 2, Ireland (hereinafter "Facebook").

We as fan page operators together with Facebook are jointly responsible for the processing within the meaning of the data protection laws.

The agreement pursuant to Art. 26 para. 1 GDPR can be found under the following link:
https://www.facebook.com/legal/terms/page_controller_addendum


II. Contact details for data protection
The contact details of our data protection officer can be found in the privacy policy.
The data protection officer of the platform operator can be contacted via the following link:
https://www.facebook.com/help/contact/540977946302970


III. General information about data processing

We point out that you use this Facebook page and its functions on your own responsibility. This is especially true for the use of interactive features (e.g., commenting, sharing, rating). Alternatively, you can also access the information offered on this page on our website at https://de.butterfly.tt/.


IV. Automatic data processing when visiting our Facebook fan page

When visiting our Facebook page, Facebook, etc. collects your IP address and other information that exists in the form of cookies on your PC. This information is used to provide us as the operator of the Facebook pages statistical information on the use of the Facebook page.
For more information, please contact Facebook at the following link:
http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context will be processed by Facebook and, where appropriate, transferred to countries outside the European Union. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage policies. There you will also find information about contact options for Facebook as well as the setting options for advertisements. The data usage guidelines are available at the following link:

http://de-de.facebook.com/about/privacy

The complete data guidelines of Facebook can be found here:

https://de-de.facebook.com/full_data_use_policy

In which way Facebook uses the data from the visit of Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores these data and whether data from a visit to the Facebook page to third parties will not be finalized and clearly named by Facebook and is not known to us.

When accessing a Facebook page, the IP address assigned to your end devices will be transmitted to Facebook. According to information provided by Facebook, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about its users' terminals (e.g., as part of the "logon notification" feature); If necessary, Facebook is thus an assignment of IP addresses to individual users possible.
If you are currently logged in to Facebook as a user, you will find a cookie with your Facebook ID on your device. As a result, Facebook is able to understand that you visited this page and how you used it. This also applies to all other Facebook pages. Via Facebook buttons embedded in web pages, Facebook is able to record your visits to these web pages and assign them to your Facebook profile. Based on this data content or advertising can be tailored to suit you. If you want to avoid this, you should log out of Facebook or disable the "stay logged in" feature, delete the cookies on your device and stop and restart your browser. This will delete Facebook information that can be immediately identified. This allows you to use our Facebook page without revealing your Facebook ID. When you access the site's interactive features (like, comment, share, news, etc.), a Facebook login screen appears. After any registration, you will be recognizable as a specific user for Facebook again.

For information on how to manage or delete existing information about you, visit the following Facebook Support pages:

https://de-de.facebook.com/about/privacy#

Information about the data that the platform operator processes via the registered and non-registered visitors of our Facebook fanpage, the storage duration of this data, the categories of the recipients (including for disclosure and intercompany data exchange) and data transmission in third countries can be found in the following link:
https://www.facebook.com/privacy/explanation

Should the data subjects be tracked through the processing of their data via the Facebook Fanpage, e.g. through the use of cookies, the storage of the IP address or other comparable techniques, the platform operator is obliged to inform about this pursuant to the concluded agreement pursuant to Art. 26 (1) GDPR. Accordingly, the platform operator is obliged to inform about the purposes of data processing, about the legal basis and about the setting of a session cookie and three cookies with lifetimes between four months and two years. Further information can be found on the following links:
https://www.facebook.com/privacy/explanation
https://www.facebook.com/policies/cookies/


V. Collection, processing and use of your personal data by us

Through our Facebook Fanpage you have the opportunity to respond to our posts, to write comments, to make a contribution to our site or to send us private messages.
All data provided and disclosed in this context by you will be used and processed by us.
The purpose of this data processing is solely the communication with users on the basis of a legitimate interest on our part (Article 6 (1) (f) GDPR).


1. Categories of affected persons

Concerned persons are in the social network Facebook registered and non-registered visitors of our Facebook Fanpage.

2. Data that we process from registered visitors to our Facebook Fanpage

Username (username) under which you have registered Released profile data (eg name information, occupation, address, contact details, pictures, interests and possibly also special personal data such as religious affiliation, health data, etc.) data that is used when sharing content, During the exchange of messages and during communication, data is generated that is required in the context of a contract on request of the registered visitors

In addition, we only process pseudonymous data such as:
Statistics and insights on how to interact with our fanpage, posts, pages, videos, and other content (page activity, pageviews, likes, reach, general demographic, location, and interest-based information on age, gender, country) , City, language) evaluations on success and backgrounds of our advertisements, other analyzes and measurements for internal analyzes.

We can not combine these pseudonymised data with the corresponding personal data (assignment characteristics such as name information). This makes it impossible for us to identify individual visitors. These remain anonymous for us.
3. Data that we process from non-registered visitors to our Facebook Fanpage

Pseudonymized data such as statistics and insights on how to interact with our fanpage, postings, pages, videos, and other content (page activity, pageviews, likes, reach, general demographic, location, and interest-related information about age, Gender, country, city, language), evaluations of the success and background of our advertisements, other analyzes and measurements on ....

We can not combine these pseudonymised data with the corresponding personal data (assignment characteristics such as name information). This makes it impossible for us to identify individual visitors. These remain anonymous for us.

4. Origin of the data

We collect the data directly from the affected person or receive it from the platform operator.

5. Purposes of data processing

We process the data primarily for purposes of external representation and advertising. In addition, we process the data for communication and data exchange as well as for the organization of events. Finally, the data can also be processed for contract initiation or contract processing.

6. storage time

Due to the agreement concluded with the platform operator pursuant to Art. 26 (1) GDPR, the platform operator is obliged to store and delete the data.
You can find further information in the following link:
https://www.facebook.com/privacy/explanation

7. Categories of the recipients

Only our employees and service providers can access the data processed by us.
If the data subjects publish their data publicly on our Facebook Fanpage, these are always visible by other registered and possibly also not registered visitors.

8. Data transmission to third countries

If the data subject publishes their data publicly on our Facebook Fanpage, this data can be viewed by other registered and unregistered visitors of our Facebook Fanpage worldwide.

In addition, data are transmitted by the platform operator as part of the operation of our Facebook fan page in third countries.
This data transmission is secured either by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR.
You can find further information in the following link:
https://www.facebook.com/privacy/explanation

In addition, the operator of the platform Privacy Shield is certified: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

As a result of the agreements on the EU-US Privacy Shield, Facebook must therefore grant the persons concerned various rights, which they can then assert directly against Facebook.


VI. Legal Basis

1. Data processing by us:

The data processing via the Facebook Fanpage by us takes place according to the legal regulations and on the basis of the following legal bases:

- The processing takes place on the basis of an explicit consent in accordance with Art. 6 para. 1 lit. a), Art. 7 GDPR
- The processing is performed to fulfill the contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR
- Processing takes place on the basis of a legal obligation to which we are subject, in accordance with Art. 6 para. 1 lit. c) GDPR
- Processing takes place in order to safeguard our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR

Our legitimate interest in processing the data outweighs the interests, fundamental rights and fundamental freedoms of the data subjects.
Our interest in processing is to provide a platform with up-to-date information, to improve our offer and our website, to present our company and to communicate effectively with users on questions and concerns.
In contrast, we process so few personal data of the persons concerned as possible and benefit the possibility of anonymization / pseudonymisation, as far as this is possible in the interest of effective communication.

If special categories of personal data are processed, this is done on the basis of the following legal bases:

- Processing takes place on the basis of the consent of the data subject in accordance with Art. 9 para. 2 lit. a) GDPR
- The processing takes place as the data subject has obviously made the personal data publicly available in accordance with Art. 9 (2) lit. e) GDPR
2. Data processing by the platform operator:

The legal bases on which the platform operator bases the data processing can be found on the following link:
https://www.facebook.com/about/privacy/legal_bases

If the data subjects are tracked by collecting their data, whether through the use of cookies or similar techniques or by storing the IP address, the platform operator will seek the consent of the data subjects in advance.
In particular, the platform operator is obliged to inform the data subjects, for what purposes and on what legal basis the first call of a fan page even in non-registered visitors records in the so-called local storage generated and whether personal data of unregistered visitors (eg IP address or other Data that aggregates into personal data) can be used to create profiles.


VII. Rights of the data subject

If personal data is processed by you, you are the data subject in the sense of the General Data Protection Regulation. Therefore, you have the following rights to the person responsible.

Since only the platform operator has complete access to all user data, we recommend that you contact Facebook Inc. directly to assert your rights.

To exercise your rights to us as the person in charge, please contact the following e-mail address: cs [at] butterfly.tt


1. Right to information - Art. 15 GDPR
You have the right to ask the person in charge to confirm that you are processing personal data in question.

If such processing is available, you have a right to information about this personal data and to the following information:

a) the purposes for which the personal data are processed;
b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed;
d) if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining the duration of the storage;
(e) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) all available information on the source of the data, if the personal data are not collected from the data subject;
(h) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

In addition, you have the right to request information about whether your personal information relates to a third country or an international organization. In this regard, you can also request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.


2. Right to rectification - Art. 16 GDPR
You have the right to immediate correction and / or completion of the data concerning you, provided the personal data processed is incorrect or incomplete.


3. Right to cancellation - Art. 17 GDPR
You have the right to demand the immediate deletion of your personal data at any time, provided that one of the following reasons is met:

a) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
b) You have revoked your consent to the processing in accordance with. Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) DSGVO and there is no other legal basis for processing;
c) You have objected to the processing in accordance with Art. 21 (1) and there are no legitimate reasons for the processing, or you objected to the processing in accordance with Art. 21 (2) GDPR;
d) the personal data relating to you have been processed unlawfully;
e) the deletion of personal data concerning you is required to fulfill a legal obligation under Union or national law to which the controller is subject;
f) the personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR
Exceptions:
There is no right to erasure if processing is required

a) to exercise the right to freedom of expression and information;
b) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of public authority entrusted to the controller ;
c) for reasons of public interest in the field of public health as referred to in Article 9 (2) (h) and (i) and Article 9 (3);
d) for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89
Paragraph 1 GDPR, insofar as the law referred to in subsection (a) is likely to render impossible or seriously affect the achievement of the objectives of this processing, or
e) to assert, exercise or defend legal claims.


4. Right to restriction of processing - Art. 18 GDPR
You have the right under the following conditions to request the restriction of your personal data:

a) if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
b) if the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
c) if the controller no longer needs the personal data for the purposes of the processing, but you need them for the purposes of asserting, exercising or defending legal claims, or
d) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used - with the exception of your consent - to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the restriction on processing has been restricted due to the above conditions, you will be notified by the person responsible before the restriction is lifted.


5. Right to information - Art. 19 GDPR

If you have claimed any of your rights to rectification, erasure or restriction of processing, we shall be obliged to notify all recipients to whom your personal data have been disclosed of rectification, deletion of data or restriction of processing because, this proves to be impossible or is associated with a disproportionate effort.

In addition, you have the right to be informed about these recipients.


6. Right to Data Transferability - Art. 20 GDPR

You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

a) the processing on a consent acc. Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract in accordance with. Art. 6 para. 1 lit. b) DSGVO is based and
b) the processing is done by automated means.

In exercising this right to data transferability, you also have the right to obtain that your personal data relating to you are transmitted directly from one controller to another, where technically feasible.


7. Right of objection - Art. 21 GDPR
You have the right at any time, for reasons arising from your particular situation, to prevent the processing of personal data relating to you which, on the basis of Article 6 (1) lit. e) or f) GDPR, objection is lodged; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If personal data is processed to operate direct mail, you have the right to object at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.


8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.


9. Right to complain to a supervisory authority - Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisor, in particular in the Member State of her habitual residence, place of work or place of alleged infringement, if you believe that the processing of personal data concerning you infringes the General Data Protection Regulation.

The supervisory authority in which you file a complaint must inform you as the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.