1. Data controllers
As admin of the above named Facebook pages, we, CMLW Consulting (Sole Trader), assume joint control with the provider of the social network Facebook (Facebook Ireland Ltd.), as stipulated in Art. 4(7) GDPR (General Data Protection Regulation). When visiting our Facebook page, the data controllers process the personal data of the page visitors.
We have concluded a joint controller agreement with Facebook (Page Controller Addendum). With this agreement, Facebook recognizes the joint control with regard to so-called Insights-Data and assumes essential data protection obligations for information of data subjects, data security or reporting of data protection violations. Moreover, the agreement stipulates that Facebook is the main point of contact for the exercise of data subjects’ rights (Articles 15 – 22 GDPR).
This makes sense because Facebook as social network provider is alone able to provide direct access to required information, provide information and take action if necessary. However, feel free to contact us at any time if you need our assistance regarding the use of our Facebook page.
2. The Use of Insights and Cookies
3. The Purpose of Data Processing
Processing the information generated by Insights also provides us as operator of the Facebook page with visitor-related statistics on our Facebook page. This allows us to control our market performance. To name just one example, knowing the profiles of our visitors who like our Facebook page or use applications of that page gives us the ability to make our content more relevant to you and to develop functions that may be of greater interest for you should we decide to do this.
The demographic and geographic information provided and its analyses help hone the content of our Facebook page and thereby reach our business targets more efficiently. We can use the Facebook-provided information to place interest-oriented advertisements without knowing the identity of the page visitor. In the event Facebook visitors use several terminal devices, the data collection and analysis occur across several devices if the user registers with his/her respective Facebook login data.
The visitor statistics are transmitted to us exclusively in anonymized form. The underlying data is inaccessible to us.
We also use our Facebook page to communicate with our Facebook users and to inform them about our services. In this context, we may receive further information, e.g. through user comments, private messages or users following us or sharing our content. Processing the information is solely for the purpose of communicating and interacting with you.
4. Legal Foundation and Legitimate Interests
We operate our Facebook page to introduce ourselves to the public and to present our news and ideas. We like to interact and communicate with interested visitors. Processing personal data is within our legitimate interests in the optimised presentation of our work (Article 6(1) point (f) GDPR).
5. Data Transfer
Facebook Inc. with its domicile in the USA may process some of the data collected on servers outside the UK. Facebook, Inc. (“Facebook”) has certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield Frameworks”) with the US Department of Commerce regarding the collection and processing of personal data from our advertisers, customers or business partners in the European Union, the United Kingdom and Switzerland. For more information visit FACEBOOK, INC. AND THE EU-U.S. and SWISS-U.S. PRIVACY SHIELD
We ourselves do not transfer personal data we receive through our Facebook page.
6. The Right of Objection
Facebook users are able to set their Advertising Preferences via Facebook settings to the extent that they are permitted to input their user preferences during their visit. The Facebook Settings and filling out the Form to exercise the Right to Object offer further opportunities to guard your privacy.
7. Contact Information and Further Rights as Data Subject
On our website you will find detailed contact data, including our data protection officer’s contact information, and privacy notice. The latter includes details on the rights of data subjects and on the way we process personal data.