Addition to the Privacy Policy for Company Profiles (“Fan Pages”) on Social Networks

General information

Please note that our fan pages on social networks solely represent another of a number of different ways to establish contact with us or receive information from us. As an alternative, the information available via our fan pages can also, for example, be accessed on our website.

You can find additional information on the individual social networks in the paragraphs below.

Contact details for data protection
Data security officer, AV-TEST GmbH: Erik Heyland, e-mail: datenschutz@av-test.com

Data subject categories
Visitors to our fan page, both those who are registered and those who are not registered on the social network.
We hereby inform the data subjects that their use of each social network and its functions is their own responsibility. This applies to the use of interactive functions (e.g. sharing, rating) in particular.

Categories of personal data
Data that we process from registered visitors to our fan page:
The login or user name with which you have registered, the profile data you have released (e.g. name details, occupation, addresses, contact details and, where applicable, special categories of personal data such as your religious affiliation, health details, etc.), data that are produced when you share content, exchange messages and communicate and data that are required within the scope of the initiation and execution of a contract requested by the registered visitors. In all other cases, we only process pseudonymized data such as statistics on and insights into how users interact with our fan page and the posts, pages, videos and other content provided via our fan page (page activities, page visits, “like” clicks, reach and general demographic, location-related and interest-related information regarding age, gender, country, city and language), evaluations of success and background information regarding our advertisements.
We are unable to link the pseudonymized data to the corresponding identifying property (e.g. name details). As a result, we are unable to identify individual users, who therefore remain anonymous to us.

Data that we process from non-registered visitors to our fan page:
Pseudonymized data such as statistics on and insights into how users interact with our fan page and the posts, pages, videos and other content provided via our fan page (page activities, page visits, “like” clicks, reach and general demographic, location-related and interest-related information regarding age, gender, country, town/city and language), evaluations of success and background information regarding our advertisements.
We are unable to link the pseudonymized data to the corresponding identifying property (e.g. name details). As a result, we are unable to identify individual users, who therefore remain anonymous to us.

Origin of the data
We receive the data directly from the data subjects or from the platform operator.

Legal basis for the data processing
We process data according to the following legal bases:
-   Article 6 paragraph 1 sentence 1 lit. a GDPR: consent of the data subject
-   Article 6 paragraph 1 sentence 1 lit. b GDPR: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
-   Article 6 paragraph 1 sentence 1 lit. f GDPR: legitimate interest

Simplification of communication and data exchange by using the fan page to sensibly complement the existing communication channels such as our website, press releases, print products and events
Promoting sales of our products and services, driving demand and attracting young talent by means of a transparent profile and regular posts
Optimization of our fan page

We only process special categories of personal data, if at all, according to the following legal bases:

Article 9 paragraph 2 lit. a GDPR: consent of the data subject
Article 9 paragraph 2 lit. e GDPR: the data subject has manifestly made the personal data public

Purposes of data processing
The data are processed for the following purposes:
-   Public image and advertising
-   Communication and data exchange
-   Event management
-   Initiation and execution of contracts

Recipient categories and transfers of data to third countries
The data that we process can only be accessed by our employees and service providers who manage and look after our fan page and require the data for the purposes specified above. If the data subjects post their data on our fan page as a public post, other registered and possibly non-registered users will be able to access these data. This also applies to users from third countries.

Rights of the data subjects
Data subjects have a number of different rights with regard to the processing of their data. They can exercise these rights directly against the platform operator on the basis of the arrangement as defined in Article 26 paragraph 1 GDPR. More precise information on the rights of the data subjects can be found in our Privacy Policy.

Data subjects also have the basic right to not be subject to an automated individual decision pursuant to Article 22 paragraph 1 GDPR. If such an automated individual decision is permitted pursuant to Article 22 paragraph 2 lit. a to c GDPR, data subjects will be granted the following rights pursuant to Article 22 paragraph 3 GDPR: the right to express their point of view, the right to obtain human intervention on the part of the controller and the right to contest the automated individual decision (right to appeal).

Further information on social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

Facebook and Instagram

Social network
Facebook: https://www.facebook.com/
Instagram: https://www.instagram.com/

Controller in cooperation with which the fan page is run (“platform operator”)
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland

In an arrangement pursuant to Article 26 paragraph 1 GDPR, the joint controllers determined who will fulfill which duty as stipulated by the GDPR together
The arrangement as defined by Article 26 paragraph 1 GDPR can be found via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The platform operator makes the essential content of this arrangement available to the data subject. We have no influence on whether or how the platform operator actually uses data (purpose, storage, erasure, disclosure, transmission or profiling). In this respect, we also have no effective means of controlling or monitoring how it uses data.

Contact details for data protection
The data protection officer of the platform operator can be contacted via the following web form: https://www.facebook.com/help/contact/540977946302970

Legal basis for the data processing
The legal bases according to which the platform operator conducts its data processing can be found via the following links:
https://www.facebook.com/about/privacy/legal_bases
https://help.instagram.com/519522125107875

Transfers of data to third countries
Regardless of the place of residence of the data subjects, the platform operator will transfer the data to, store them in and otherwise process them in the United States of America, Ireland and every other country in which Facebook has business operations.
Connected transfers of data to third countries are secured by means of an adequacy decision of the European Commission pursuant to Article 45 GDPR or by means of appropriate safeguards pursuant to Article 46 GDPR:
https://www.facebook.com/privacy/explanation
https://help.instagram.com/519522125107875

Supervisory authority responsible for the platform operator (Article 77 GDPR)
Data Protection Commission
21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland
Website: https://www.dataprotection.ie/en/contact/how-contact-us

YouTube

Social network
YouTube: https://www.youtube.com/

Controller in cooperation with which the fan page is run (“platform operator”)
Google Ireland Ltd.
Gordon House, Barrow Street, Dublin 4
Ireland

In an arrangement pursuant to Article 26 paragraph 1 GDPR, the joint controllers determined who will fulfill which duty as stipulated by the GDPR together
We have no influence on whether or how the platform operator actually uses data (purpose, storage, erasure, disclosure, transmission or profiling). In this respect, we also have no effective means of controlling or monitoring how it uses data.

Contact details for data protection
The data protection officer of the platform operator can be contacted via the following web form: https://support.google.com/policies/contact/general_privacy_form

Legal basis for the data processing
The legal bases according to which the platform operator conducts its data processing can be found via the following link: https://policies.google.com/privacy/

Transfers of data to third countries
Regardless of the place of residence of the data subjects, the platform operator will transfer the data to, store them in and otherwise process them in the United States of America, Ireland and every other country in which Google has business operations. Connected transfers of data to third countries are secured by means of an adequacy decision of the European Commission pursuant to Article 45 GDPR or by means of appropriate safeguards pursuant to Article 46 GDPR: https://policies.google.com/privacy/update

Further information
Further information, especially regarding the categories of personal data, the origin of the data, the storage duration, the purposes of data processing and the categories of recipients, can be found via the following link:
https://policies.google.com/privacy/update

Twitter

Social network
Twitter: https://twitter.com/

Controller in cooperation with which our Twitter account (“fan page”) is run (“platform operator”)
Twitter International Company
One Cumberland Place
Fenian Street
Dublin 2 D02 AX07
Ireland

The platform operator makes the essential content of this arrangement available to the data subject. We have no influence on whether or how the platform operator actually uses data (purpose, storage, erasure, disclosure, transmission or profiling). In this respect, we also have no effective means of controlling or monitoring how it uses data.

Contact details for data protection
The data protection officer of the platform operator can be contacted via the following web forms:
https://support.twitter.com/forms/privacy
https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

Categories of personal data
Data that we process from registered visitors to our fan page:
Data produced when tweets that refer to the Twitter accounts of the data subjects are posted or re-tweeted and other data and content freely published and shared by the data subjects on Twitter or via their Twitter accounts. In all other cases, we are only able to view specific, non-personal or pseudonymized data concerning tweet activity, for example the number of profile or link clicks via a specific tweet.

Data that we process from non-registered visitors to our fan page:
We are only able to view specific, non-personal or pseudonymized data concerning tweet activity, for example the number of profile or link clicks via a specific tweet.

Legal basis for the data processing
The legal bases according to which the platform operator conducts its data processing can be found via the following link: https://twitter.com/en/privacy

Transfers of data to third countries
Regardless of the place of residence of the data subjects, the platform operator will transfer the data to, store them in and otherwise process them in the United States of America, Ireland and every other countries in which Twitter Inc. has business operations.
Connected transfers of data to third countries are secured by means of an adequacy decision of the European Commission pursuant to Article 45 GDPR or by means of appropriate safeguards pursuant to Article 46 GDPR: https://twitter.com/en/privacy

Data subjects can select options that limit the processing of their data in the general settings of their Twitter accounts and in the “Privacy and safety” settings. Furthermore, they can limit the access that the platform operator has to their contact and calendar details, photos, location data. etc. in the settings options of their mobile devices (smartphones, tablets). However, this depends on the operating system used.

Data subjects can find out about the possibility of viewing their own data stored by the platform operator here: https://support.twitter.com/articles/20172711#
Data subjects can find out about the conclusions drawn by the platform operator as to their identity here: https://twitter.com/your_twitter_data
Data subjects can find information on the personalization and data protection setting options available to them (with further references) here: https://twitter.com/settings/account/personalization

Social network
LinkedIn: https://de.linkedin.com/

Controller in cooperation with which our LinkedIn account (“fan page”) is run (“platform operator”)
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland

In an arrangement pursuant to Article 26 paragraph 1 GDPR, the joint controllers determined who will fulfil which duty as stipulated by the GDPR together
The arrangement as defined by Article 26 paragraph 1 GDPR can be found via the following link: https://legal.linkedin.com/pages-joint-controller-addendum
The platform operator makes the essential content of this arrangement available to the data subject. We have no influence on whether or how the platform operator actually uses data (purpose, storage, erasure, disclosure, transmission or profiling). In this respect, we also have no effective means of controlling or monitoring how it uses data.

Contact details for data protection
You can contact the data protection officer of the platform operation via the following web form: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Categories of personal data
Data that we process from registered visitors to our fan page:
Profile details made available (ProFinder profile details, training and education, professional experience, salary expectations, photo, location details, skills and confirmation of skills, professional achievements (e.g. granted patents, professional recognitions, projects)) and other data and content freely published, shared, posted or uploaded by data subjects on LinkedIn or via their LinkedIn account.

Legal basis for the data processing
The legal bases according to which the platform operator conducts its data processing can be found via the following link: https://www.linkedin.com/legal/privacy-policy

Transfers of data to third countries
Regardless of the place of residence of the data subjects, the platform operator will transfer the data to, store them in and otherwise process them in the United States of America, Ireland and every other country in which the platform operator has business operations.
Connected transfers of data to third countries are secured by means of an adequacy decision of the European Commission pursuant to Article 45 GDPR or by means of appropriate safeguards pursuant to Article 46 GDPR:
https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en

Data subjects can find information on the personalization and data protection setting options (with further references) here: https://privacy.linkedin.com/faq