Privacy Policy

Privacy Policy

We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific laws applicable to us. With the help of this privacy policy, we will inform you how Erstream processes your personal data and the rights you have.

Personal data means any information that can lead to the identification of an individual and includes name, date of birth, address, phone number, e-mail address and also IP address.

This policy doesn’t apply to anonymous data which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.

Responsible authority and data protection officer
Your rights as a data subject

We would like to inform you of your rights as a data subject as defined in Art. 15 - 22 EU GDPR. These include:

  • The right of access (Art. 15 EU GDPR),
  • The right to erasure (Art. 17 EU GDPR),
  • The right to rectification (Art. 16 EU GDPR),
  • The right to data portability (Art. 20 EU GDPR),
  • The right to restriction of processing (Art. 18 EU GDPR),
  • The right to object (Art. 21 EU GDPR),

To exercise these rights, please contact: privacy@merlincdn.com. The same applies if you have questions about data processing in Erstream. You also have the right to appeal to the personal data protection supervisory authority.

Right to object

Please note the following in connection with the right to object:

If we process your personal data for the purpose of direct marketing, you have the right to object at any time without giving reasons. This right also applies to profiling as long as it is connected with direct advertising.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes. Objection is free of charge and can be made without filling in a form at: privacy@merlincdn.com.

In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.

We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 EU GDPR.

We use your data for business initiation, development of our services and enhance your experience, fulfilment of contractual and legal obligations, execution of a contractual relationship, offering products and services and for strengthening the customer relationship, which may also include analyses for marketing purposes, customer satisfaction surveys and direct marketing.

Your consent also constitutes a legal provision under data protection law. The following is information regarding the purposes of data processing and about your right to object. If consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent.

Processing of special categories of personal data pursuant to Art. 9 Para. 1 EU GDPR only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of the processing prevails.

Transfer of data to third parties

We will only share your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, data will not be shared to third parties unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

Within our company, we ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations through our website, agreements are established with Erstream Yayıncılık A.Ş.

It is possible that other affiliated and/or sister companies may become involved during agreements and requests. For example, a request for on-site support at your location may be processed by an Erstream-affiliated company in your area for said purpose.

In some cases, service providers support our specialist departments in performing their tasks, e.g. sending newsletters.

The necessary data protection agreements have been concluded with all service providers.

Transfers of personal data to third countries / intention to transfer data to a third country

Data is only transmitted to third countries (countries outside the Turkey, European Union or the European Economic Area) if required to do so by law, you have given us your consent or if this is necessary for the performance of an obligation.

This is currently the case when you use ??? service for inquiries because a service provider outside Turkey and the European Economic Area who provides this function for us receives access to your personal data. In this case, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

Data retention

We keep your data only for as long as it is needed for the Merlin Services and purposes described in this Privacy Policy. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. Turkish Commercial Code, Tax Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is ten years.

Secure data transfer

In order to protect data from accidental or deliberate manipulation, loss, damage or access by an unauthorized person, we have taken appropriate technical and organizational security measures. To this end, the level of security is continually tested and adjusted to reflect new standards in security, in collaboration with security experts.

Data transferred to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.

In addition, we offer our users content encryption for contact forms and applications. Only we are able to decrypt this data. It is also possible to use alternative communication channels (e.g. by post).

Obligation to provide data

Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.

We have summarized the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.

Data categories, sources and origins

The data we process depends on the context. This depends on e.g. if you place an online order, send an enquiry using our contact form, send us application or make a complaint.

Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.

When you visit our website and use Merlin Services we collect and process the following data:

When you visit our site, your internet browser transmits the following types of data, which we then save:

  • the browser type and language,
  • the IP address of the computer used to access the site,
  • the server requests (e.g. accessed pages) including time stamps and
  • the referral URL (i.e. the address of the previous website that you visited, if you came to our site by following a hyperlink from there).

These first three data types are technically required to be able to properly display the webpage you accessed. Moreover, this data may be used, if necessary, to maintain secure operation of this website (e.g. to protect against hacking). The IP address and browser language are also used to suggest appropriate language settings for our website. The referral URL is anonymized and used to compile statistics.

We also collect information about how you use Merlin Services, such as the types of use or engage with; the features you use; the actions you take; frequency and duration of your activities. For example, we log when you're using and have last used Merlin Services.

For reasons of technical security and in particular to prevent attempts to attack our web server, this type of data is also stored for a certain period of time in accordance with Art. 6 Paragraph 1, Sentence 1(f) EU GDPR.

When you contact us with an enquiry, we collect and process the following data:

Our website offers you different ways to contact us, e.g. to get information on certain products. You can use the online chat function, request a call back or send an e-mail message.

A contact form is used to collect the required details for communication (e.g. name, phone number or e-mail address) as well as to send your message. The collected data are used for customer relations management (contact history) and for responding to/fulfilling your request.

When you place an order, we process the following data:

As a customer, you can order digital services and products in our website www.merlincdn.com.

To process your orders, your contact details, invoice/delivery address and payment method (bank, credit cards, etc.) are required.

In some cases, a credit check may be performed when placing an order. Details will be provided during the ordering process. The credit check is carried out pursuant to Art. 6 Para. 1 S. 1(f) EU GDPR within the scope of our legitimate interest in the customer’s ability to pay.

When you apply online, we collect and process the following data:
  • Master data (e.g. name, additional names, date of birth, and academic titles, if applicable),
  • Contact details (postal address, phone number, email address),

In addition, we may collect and process various other (voluntary) data. You may also choose to provide information regarding your personal accounts on social networks that may be relevant for the service.

We have implemented security measures to ensure that your data remain safe and confidential at all times. All account information submitted via the web site are encrypted. Provisions to protect your information always correspond to the latest technological standards.

Your data provided in the context of the buying process are stored subject to applicable law. We will retain your data beyond this point only if we are entitled to or have an obligation to do so, e.g. if you have given your express consent for us to retain your data for an extended and specified period of time, or to exercise our rights under applicable law.

For instance, we are obliged to retain certain data under the Turkish Customer, Tax and Commercial Codes. All statutory periods of limitation are observed. You can find further information in the Privacy Policy.

When you subscribe to a newsletter, we collect and process the following data:
  • Title
  • Last name, first name,
  • E-mail address.

Please be aware that we conduct anonymous link tracking for statistical purposes.

Contact forms / contact via e-mail, chat or phone

A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the information you provide to contact you and answer your questions and requests. (Art. 6 Para. 1 S. 1(a, b) EU GDPR).

If you contact us by e-mail, we will process the personal data provided solely for the purpose of processing your enquiry.

If you request a call back, we collect your name and telephone number. When requesting a call back, you can attach a message if you wish.

You can also contact us via live chat. When using the chat feature, we collect and process your first and last names as well as your e-mail address. The chat history is saved on our internal servers for 90 days for reasons of follow-up and is then deleted.

All data required to complete the form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely necessary for processing inquiries and making contact.

For reasons of technical security and in particular to prevent attempts to attack our web server, we will also process your IP address.

Newsletters

You can subscribe to our free newsletter via our website. The e-mail address and name provided during the registration process are used to send a personalized newsletter in accordance with Art. 6 Para. 1 S. 1(a) EU GDPR.

The principle of data economy and data reduction is observed, as only the e-mail address, name and title are marked as mandatory fields to enable personalization. Due to technical and legal reasons, we will also process your IP address.

You can cancel your subscription at any time via the unsubscribe option provided in the newsletter and therefore revoke your consent. You also have the option to unsubscribe directly via our website.

Online shop

Unless you agree to additional use, we only process the data you provide on an order form for the performance or processing of the contractual relationship. Art. 6 Para. 1(b) EU GDPR.

All data are subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed for the performance of the contract or for the fulfilment of our contractual obligations (i.e. your name, address, e-mail address and the payment data required for the chosen payment method) or to which we are legally obliged to collect.

Due to technical and legal reasons, we will also process your IP address. Without this data we will unfortunately have to reject the contract, as we will then not be able to perform our obligations. We may also have to terminate an existing contract. You can of course provide us with more data if you wish.

Purposes and legal bases for data processing

Processing of your personal data complies with the provisions of the EU GDPR and all other local applicable data protection regulations.

Your personal data is processed exclusively to develop Merlin Services, to conduct pre-contractual measures (e.g. creating quotes for products or services) and to comply with our contractual obligations (e.g. implementation of our services or for processing your order/payment), (Art. 6 Para. 1 S. 1(b) EU GDPR) or if there is a legal obligation for processing (e.g. for tax law purposes) (Art. 6 Para. 1 S. 1(c) EU GDPR). These are the purposes for which your personal data was originally gathered.

Your consent can also constitute a legal provision under data protection law (Art. 6 Para. 1 S. 1(a) EU GDPR). Before you grant permission, we clarify the purpose of data processing and your right of revocation in accordance with Art. 7, Para. 3 EU GDPR. 

For the detection of criminal offences, personal data will only be processed under the conditions of Article 10 EU GDPR.

Data recipients / categories of recipients

As part of the required business processes, our specialist departments will be supported by external service providers in order to carry out their work. To protect the data being processed, the necessary data protection contracts have been concluded with all service providers.

These are in particular service provider companies such as data centres or IT companies, in addition to finance and consultancy companies who support us in verifying business-related data. In addition, in certain specialist areas, we use supporting specialist IT experts from manufacturers and partner companies who possess the necessary product expertise. Your data will also, as necessary, be transferred to the manufacturers of the quoted or ordered products for project processing (registration, project notification, quote creation, order processing) who may be based in a non-EU country or other country than Turkey.

We transfer payment processing information to credit, trade and financial agencies in order to check payment history and creditworthiness.

Where necessary, your personal data may be processed in the cloud to optimize existing processes (for example for more efficient communication and contract processing). For this reason, we have concluded contracts required from a data protection perspective. As far as the cloud provider is located in a country outside of the Turkey, EU /EEA, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country. We employ technical and organizational measures to ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations.

Registration / Customer account

Customers have the possibility to provide personal information to register on our website. The advantage is that you can see your order history and the data required for the order form is saved. This means that you don’t have to re-enter information every time you order.

Registration serves either to fulfil a contract (via our online shop) with you or to carry out pre-contractual measures. Art. 6 Para. 1 S.1(a, b) EU GDPR.

All data are subject to the principles of data reduction and data economy as only mandatory information is collected for the purposes of registration. This includes, for example, the email address and password and the repeated password.

The remaining fields are voluntary and are labelled as such.

If you order in our web site, we need details such as your title, first name, last name, address for billing. Additional information is required should the using and billing address differ.

During the registration process, the user’s IP address along with the date and time (technical background data) are also saved. By clicking on “Sign Up Now”, your customer account is created.

Please note: passwords are encrypted and then saved, meaning that our company employees are unable to view them. If you forget your password, we will therefore be unable to give you any information about it.

In this case, please click on “Forgotten your password?” so that an automatically generated password can be sent. No employee is authorized to call or write to you and request your password. Please never reveal this information even if you are requested to do so.

Once signing up has been completed, your data are saved in the secure customer area. As soon as you log in to our website with your e-mail address as user name and password, this data will be made available on our website to help you carry out your tasks. You can view information on placed orders in the order history. You can also change your using or billing addresses.

Registered users are free to change / correct billing or using addresses in the order history. Alternatively, our customer services will be happy to change / correct any information. You of course have the right to delete your account.

Payment systems, credit checks

You can pay with a credit card or via PayPal in our online shop. The respective payment-relevant data are collected in order to be able to carry out and complete your order and payment. Art. 6 Para. 1 S. 1(a, b) EU GDPR. Due to technical and legal reasons, we will also process your IP address.

All data are subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed to complete your payment and therefore execute the contract or for the collection of which we are legally obliged.

Without this data we will unfortunately have to reject the contract, as we will then not be able to perform our obligations. 

The payment system we use employs SSL encryption to ensure the secure transfer of your data.

A note on credit card payments:

As is standard with credit card payments, our service provider Wirecard checks the details and carries out a credit and fraud prevention check. Details on data protection at Wirecard can be found at https://www.wirecardbank.com/GDPR.

A note on PayPal:

PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If you select this as your method of payment, your data are automatically transmitted to PayPal.

By selecting this payment option, you consent to the transfer of the personal data required for payment processing. This normally means your first and last names, address, e-mail address, IP address, phone number, mobile number or other data necessary for the payment to be completed.

Personal data connected to the order is also necessary to enable the processing of the purchase agreement. Details on data protection at PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.

A note on direct debits:

As is standard with this payment method, account information is collected to enable the billed amount to be deducted.

Advertising to existing customers

Erstream would like to maintain a relationship to its customers and send information and offers on products and services. Art. 6 Para. 1 S.1(f) EU GDPR. We therefore use your data to email you relevant information and offers as well as customer satisfaction surveys.

If you would prefer us not to do so, you can object at any time to the use of your personal data for direct marketing purposes. This right also applies to profiling as long as it is connected with direct advertising. As soon as we receive your objection, your data will no longer be processed for this purpose.

An objection is free of charge and can be made without filling in a form by calling: +90 … by e-mail to privacy@merlincdn.com or by post to Merkez Mahallesi, Akar Caddesi, I Tower Bomonti Apt. No: 3/18 Şişli İstanbul 34384 Turkey.

Sign up Page

We understand that your data is a sensitive matter. That’s why all personal information you submit via our sign up form is exclusively used for the purpose of the sign up process and we will not contact you for any other reason. Art. 6 Para. 1 S.1(a, b) EU GDPR. No data are transferred to a third party without your consent.

When you fill out the sign up form, you are asked to provide certain personal information. All data required to complete the sign up form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed to process your signing up, or that we are required to obtain under applicable law. Mandatory information is marked with a * (asterisk). Due to technical and legal reasons, we will also process your IP address.

Without this information, we are unable to complete your signing up. If you wish, you can also provide additional, optional information via the sign up form.

We have implemented security measures to ensure that your data remain safe and confidential at all times. All information submitted through the signing up are encrypted.

We keep your data for the above purposes for the duration of your account and until your deleting your account, however, for no longer than required by law. 

Cookies (Art. 6 Para. 1 S. 1(f) EU GDPR, Art. 6 Para. 1 S. 1(c) EU GDPR, Art. 6 Para. 1 S. 1(a) EU GDPR

Our websites use cookies on various pages. Their purpose is to enhance our product and services, as well as to make our site more user friendly, more secure and simply better. Cookies are small files that are saved on your computer and in your browser (locally on your hard drive). Within the scope of our legitimate interest (Art. 6 Para. 1 S. 1(f) EU GDPR) we utilize cookies that are technically necessary for the running of the website and to secure its functionality. Depending on the purpose, these are permanently stored—even after the session has ended—(persistent cookies, e.g. opt out) or are deleted when the browser closes (so-called session cookies that are only valid for one browser session).

With your consent, we also use other cookies. These cookies help us to see how users use our website, enabling us to design the website content according to the visitor’s needs. In addition, cookies enable us to measure the effectiveness of a particular advert and to place it according, for example, to the user’s thematic interests. The legal basis for this is your consent (Art. 6 Para. 1 S. 1(a) EU GDPR).

If you have given your consent, this can be revoked at any time without providing a reason via the Preference Centre.

We use the Usercentrics Consent Management Platform to gather and manage consent. The operator is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. The Usercentrics Consent Management Platform uses JavaScript to collect device and browser information, anonymised IP addresses, opt in and opt out data, data and time of visit, URL requests, website path and geographical location. JavaScript enables Usercentrics GmbH to inform users about certain tags and web technologies on our website and to obtain, manage and document their consent. The legal basis for the processing of data is Art. 6 Para. 1 S. 1(c) GDPR as we are legally required to prove consent (pursuant to Art. 7 Para. 1 EU GDPR). Our objective is to identify user preferences, implement them accordingly and document them in a legally compliant manner. Data are deleted as soon as they are no longer needed for logging and no legal storage obligations exist. Consent and revocation data are stored for a period of three years. After this data, the data are immediately erased or forwarded to the responsible authority as a data export on request. The user can prevent JavaScript from being run at any time by making appropriate changes to the browser settings, which would, in turn, prevent Usercentrics from running JavaScript. Further information on data protection at Usercentrics can be found at: https://usercentrics.com/privacy-policy/

This also applies to other cookies: Most web browsers automatically accept cookies as default. Of course, cookies can also be manually deactivated, restricted or deleted on your end device via your browser settings or via software-support.

Please note: If you deactivate cookies, not all functions of our website may be fully usable under certain circumstances.

The creation of user profiles or the use of cookies which are not purely functional (Art. 6 Para. 1 S. 1(a) / Art. 6 Para. 1 S. 1(f) EU GDPR).

The following tools and services are used on our website:

Webtrekk

We make use of Webtrekk GmbH technologies for the statistical evaluation of our website. Webtrekk GmbH is based at Robert-Koch-Platz 4, 10115 Berlin and collects, saves and analyses data. The company has data protection certification in the area of web controlling in Germany after its data processing was checked for conformity and data security. With the help of Webtrekk services we collect statistical data about the use of our website. The data are used to improve and optimise our offers in order to make them more interesting for you. The use of Webtrekk is based on your consent to its use (Art. 6 Para. 1 S. 1(a) EU GDPR. You may revoke your consent at any time here.

When using our website, information which is transmitted by your browser is collected and analysed, through cookies and so-called pixels which are integrated into each website. The following data are collected: Request (name of the requested file), browser type and version, browser language, operating system, internal resolution of the browser window, screen resolution, JavaScript activation, Java on/off, cookies on/off, colour depth, referrer URL, IP address (anonymised and deleted after use), access time.

Webtrekk uses session cookies, which are deleted when the browser session is closed. This also applies to last-click cookies. Webtrekk also uses evercookies, which are deleted after a defined number of clicks, and expire after a maximum of 6 months. Web-usage data are not combined with any other information about the pseudonym’s user. These cookies are deleted once it is no longer necessary to save data for analytical purposes, or upon user request.

This data will not be able to be directly linked to a particular individual. Data collected in this way is used to create anonymous user profiles that form the basis for web statistics.

Google Analytics

We use the Google Analytics tool provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on our website. This tool enables us to analyse how you use our website.

To do so, the following information is stored:

  • IP address
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Visited sites
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchasing activity
  • Widget interactions
  • Date and time of visit

The legal basis for the processing of your personal data is your consent in accordance with Art. 6 Para. 1 S. 1(a) EU GDPR. You may revoke your consent at any time here. The purpose of processing your personal data by the Google Analytics service is to analyse the interaction of our website visitors with our website. By analysing the data collected, we can optimise our offerings and improve user-friendliness. We delete or anonymise data collected with Google Analytics as soon as they are no longer required for our purposes. This will be the case after 26 months.

This service can forward the data to another country. Please note that this service can transfer data outside of the European Union / European Economic Area to a third country, which does not offer a suitable level of data protection. If transferred to the USA, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

Google Tag Manager

This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service enables website tags to be managed via an interface. The tag manager tool itself (that implements tags) is a cookie-free domain which means generally speaking, no cookies are used and no personal data are collected. Google Tag Manager triggers other tags that, in turn, may collect data. Google Tag Manager does not access this data. If you have disabled domains and cookies, this shall also apply to all tracking tags that are implemented with Google Tag Manager.

For more information, please visit https://www.google.com/tagmanager/use-policy.html.

Furthermore, Google Tag Manager includes the following sub-services (Eloqua, LinkedIn Insight Tag, Hotjar, Google Ads Remarketing, Google Ads Conversion Tracking, Facebook Pixel). This means that consenting to Google Tag Manager means consenting to all the sub-services (Art. 6 Para. 1 S.1(a) EU GDPR). Your option to revoke consent is described in the individual sub-services. As soon as you object to one sub-service, your objection will automatically apply to all others included within Google Tag Manager.

Within the scope of these services, data may be transferred outside of the European Union / European Economic Area to a third country, which does not offer a suitable level of data protection. If transferred to the USA, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

a. Eloqua

We use the Eloqua service for our online offerings based on your consent pursuant to Art. 6 Para. 1 S. 1(a) EU GDPR, which you can revoke at any time here. Eloqua is a service provided by the Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065, USA, and is used to optimise communication with our customers.

Eloqua saves a permanent cookie on your end device if one does not already exist. If you’ve already visited a website that uses Eloqua, it’s possible that you already have this cookie.

Although the cookie itself does not contain any specific personal information, a personal connection can be subsequently established by linking it to further information in the following ways.

We use the Eloqua cookie to analyse how you use our website so that we can continually improve our internet presence. E-mails sent with the help of Eloqua use tracking technologies. We use this data to determine which topics are of interest to you. To do this, we collect data to find out whether our e-mails are opened and which links you have clicked on. This information is then used to improve the e-mails we send you and the services we provide.

The following data may be collected for this purpose: cookie information, IP address, visited sites plus, when sending e-mails with Eloqua, title, first name, last name and e-mail address.

In some instances, group companies and service providers support Oracle in fulfilling its tasks. Oracle maintains a list of these parties. Oracle transmits your personal data to a service provider or group company outside the European Economic Area. In this case, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

Your data is stored for a period of 25 months in the Oracle Marketing Cloud.

You can find more information on data protection in connection with the use of Eloqua here: Oracle Privacy Policy.

b. Hotjar 

This website uses the web analysis service, Hotjar, provided by Hotjar Ltd. Hotjar Ltd is a European company located in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta.

This tool helps us track movement around our website in heatmaps. making it possible to see how far users scroll and which buttons are most frequently clicked on. This tool also helps to collect feedback from website users Data collected are date and time of your visit, browser information, usage data, your click path, IP address, device operating system, your geographical location, browser language and screen resolution. helping us to make our websites faster and more customer-friendly based on this valuable information. This analysis is based on your consent in accordance with Art. 6, Para. 1 S. 1(a) GDPR, which can be revoked at any time here: https://www.hotjar.com/legal/compliance/opt-out/. When using this tool, we pay particular attention to the protection of your personal data, and so we can only track which buttons you click on and how far you scroll. Areas of websites on which your personal data or that of third parties is displayed are automatically hidden by Hotjar and can therefore not be tracked.

Personal data is stored for 365 days before we delete it.

Further information about Hotjar Ltd. And the Hotjar tool can be found here: https://www.hotjar.com

The Hotjar Ltd. Privacy Policy can be viewed here: https://www.hotjar.com/privacy

c. Google Ads Remarketing

On our website, we use the remarketing feature provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). By utilising the remarketing feature, we can present visitors to our website with advertising based on their interests on other websites within the Google advertising network (Google ads in Google search, on YouTube or other websites). In order to do so, the interaction of visitors to our website is analyses to see, for example, which offers the visitor is interested so that the visitor can be shown targeted advertising when visiting other websites. For this purpose, Google stores a number in the browser of users who use certain Google services or visit certain websites within the Google display network. This number, or cookie, is used to collect information on the user’s visits and serves as to uniquely identify a web browser on an end device, but does not identify a person. Within the scope of Google Ads Remarketing, we collect and process the following data: Visited sites, IP address, duration of visit, other information on the use of websites, content related to the visitor’s interests.

The Google tool is used on the basis of your consent pursuant to 6 Para. 1 S. 1(a) EU GDPR. You may revoke your consent at any time here. This only applies to the device and the web browser used on it. Consent must therefore be revoked for every device. When the opt out cookie is deleted, you will be asked once again to consent to data transfer.

You can configure your browser to block adverts from third-party providers or download a plugin, which is available for all standard browsers, here: https://support.google.com/ads/answer/7395996. When installed, the plugin will permanently block Google tracking.

Your data are forwarded to Google for analysis. If you have a Google account, the tracking data collected can be linked to this account. Data are transferred to third countries, and so in this case, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

These data collected are erased as soon as they are no longer needed for our purposes. In our case, this means after 24 months.

Further information on Google plus the Google Privacy Policy can be found here: www.google.com/privacy/ads/

d. Google Ads Conversion Tracking

On our website, we use the Google Ads Conversion Tracking advertising service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). We measure the advertisements you click on from Google Search, Shopping or Display Network sites. When clicking on an advert, a cookie will be stored in your browser which is used to track what happens after you have clicked (conversion tracking). This data helps us to measure the effectiveness of our advertising campaigns. For this purpose, the following data are collected: Adverts clicked on, IP address, web inquiry, usage data, cookie ID, date and time of visit, cookie information, error URL, browser language and type.

The Google tool is used on the basis of your consent pursuant to 6 Para. 1 S. 1(a) EU GDPR. You may revoke your consent at any time here. This only applies to the device and the web browser used on it. Consent must therefore be revoked for every device. When the opt out cookie is deleted, you will be asked once again to consent to data transfer.

You can configure your browser to block adverts from third-party providers or download a plugin, which is available for all standard browsers, here: https://support.google.com/ads/answer/7395996. When installed, the plugin will permanently block Google tracking.

Your data are forwarded to Google for analysis. If you have a Google account, the tracking data collected can be linked to this account. Data are transferred to third countries, and so in this case, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

These data collected are erased as soon as they are no longer needed for our purposes. In our case, this means after 24 months.

Further information on Google plus the Google Privacy Policy can be found here: www.google.com/privacy/ads/

e. Facebook Pixel

This website used Facebook Pixel provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; or if located within the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.

The legal basis for data processing is your consent (Art. 6 Para. 1 S. 1(a) EU GDPR). You may revoke your consent at any time here.

Pixel allows the behaviour of visitors to the page to be tracked (e.g. information about items viewed) after they have been redirected to a provider’s website by clicking on a Facebook ad, enabling the effectiveness of Facebook advertising to be evaluated for statistical and market research purposes and means that future advertising measures can be optimised. The data are stored and processed by Facebook so that it can be linked to the user’s profile. Facebook can then use the data for its own advertising purposes in accordance with its Data Usage Policy.

The information collected via Pixel can also be used to show interesting advertisements about our offers in your Facebook account. Information collected via Pixel can also be collated by Facebook and used for their own advertising purposes for the advertising purposes of third parties. This means, for example, Facebook can infer certain interests from your behaviour on this website and can also use this information to advertise third-party offers.

Facebook can also combine the information collected via Pixel with other information collected from other websites and/or in connection with the use of Facebook to save a profile of you.

In this case, Facebook collects your Facebook user ID, browser information, usage information, non-sensitive user-defined data, referrer URL, Pixel ID, usage behaviour, viewed advertisements; interactions with adverts services and products; marketing information, viewed content, IP address, device information, marketing campaign success and your geographical location.

Facebook Pixel allows your behaviour to be tracked over several sites after a Facebook add has been viewed or clicked on. This serves to analyse the effectiveness of Facebook advertising for statistical and market research purposes and can contribute to the optimisation of future marketing measures.

If required, Facebook Inc. transfers personal data to the USA. In this case, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

Facebook processes data within the scope of the Facebook Data Usage Policy: https://www.facebook.com/policy. Specific information regarding Facebook Pixel and how it works can be found here: https://www.facebook.com/business/help/651294705016616.

AppDynamics

AppDynamics services are sued on our website. AppDynamics LLC is a company with limited liability located in 03 Second Street, 8th Floor, North Tower, San Francisco, CA 94107, USA. The use of this service is based on your consent in accordance with Art. 6, Para. 1 S. 1(a) GDPR, which can be revoked at any time.

Using AppDynamics, we are able to analyze your behavior on our site in order to optimize it and present you with relevant content.

The following data are collected:

  • Geo-localization (when using mobile devices)
  • IP address
  • Web browser information (type, version, length of sitting, data and time)
  • Title of the website visited
  • Referrer URL
  • The respective website’s attachment URLs
  • The time spent visiting a particular URL
  • Parameters and load data
  • Interactions with the user interface
  • Unique device identifiers
  • Downloading errors
  • Page answer times
  • Time zone
  • Device operating system
  • Internet service provider

When using AppDynamics, we use globally-unique identifiers (GUID) to create a user profile. This helps, for example, to analyse if certain users or user groups regularly experience crashes or other issues and enables us to resolve them. The purpose for using AppDynamics is, therefore, the continuous improvement and development of our website.

The data collected are stored in an Amazon Web Services (AWS) cloud, from where data can, in principle, be transferred to different locations around the world.

Within the scope of this service, data may be transferred outside of the European Union / European Economic Area to a third country, which does not offer a suitable level of data protection. If transferred to the USA, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

We erase / anonymise data collected via AppDynamics after a period one year.

Further information about how AppDynamics handles your personal data can be found here: https://www.appdynamics.com/privacy

AppDynamics has an SOC (Service Organization Control) 2 certificate, which can be viewed at https://www.appdynamics.com/security.

A list of service providers used by AppDynamics for purposes of provisioning and maintenance can be viewed here: https://www.appdynamics.com/privacy/subprocessors

Ginni

The tool, Ginni - provided by Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm Germany—is used on our website.

By using this tool, it is possible to connect your behaviour (user journey) with our products. Ginni uses related interaction patters to learn which products and / or content pages correlate with each other and, based on the correlations learned, Ginni can recommend products and pages.

In this way, based on your interactions on our website, we can determine which links you clicked on while on your user journey were related to specific products, hence making it possible to see a correlation.

Ginni processed the session ID assigned to you.

The legal basis for this is our legitimate interest in the optimisation of our website and product offering pursuant to Art. 6 Para. 1 S. 1 lit(f) EU GDPR.

Only your current user journey is analysed. However, no recommendations are made directly based on your own visitor and interaction history, but are rather generated based on the behaviour of all website users as a whole.

Data collected via Ginni are not transferred to third parties.

User interaction data required for the learning process are erased at the latest after 90 days.

If you do not agree to the use of Ginni as describes here, you of course have the right to object at any time with effect for the future. In this case, please contact privacy@bechtle.com.

Google Maps

On our website, we use Google Maps (API) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). To guarantee data protection, Google Maps is disabled when you first enter our website. A direct connection between the Google servers is only established when you enable Google Maps (Consent according to Art. 6 Para. 1 S. 1(a) EU GDPR). You may revoke your consent at any time here. In this way, your data are not immediately transferred to Google as soon as you enter the site.

Google Maps will site your IP address one it has been enabled. This will then generally be transferred to and stored in a Google server located in the USA.

As data are being transferred to a third country, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. EU GDPR to establish a level of data protection in the third country.

Further information on the handling of user data can be found in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

Finding the nearest Erstream location

Our website may offer you the possibility to find your nearest Erstream location by stating your current location or using the Google Maps location finder feature (see use of Google Maps). The use of the location finder feature is based on your consent in accordance with Art. 6, Para. 1 S. 1(a) GDPR, which can be revoked at any time.

Embeds

On our website we embed content in our online offerings, etc. These embeds can, for example, be a YouTube video.  In this case, data are always transferred to the corresponding platform’s server.

This data processing is based on your consent, which can be revoked at any time.

YouTube

The embedding of YouTube content is carried out using a technical process called framing. Framing describes the process of inserting a YouTube HTML link into a website’s code to create a frame on the third-party site, which enables the video stored on YouTube servers to be played.

We use the framing codes generated by YouTube in privacy-enhanced mode. According to the information provided by YouTube, cookie activity and the resulting data collection are only linked to the playback of the video itself. Data collection from simply using a website with framed content is therefore prohibited.

In order to play YouTube content, we need your consent (Art. 6 Para. 1(a) EU GDPR), which you can give (if you have not already done so within the scope of your cookie selection) via the button in the respective section of the video. By clicking on the Play-Button, you consent to your IP address being transferred to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA) and to the provider saving a cooking in your browser. For your convenience, your consent is valid for 30 days and saved in a local storage object, which we store in your browser. You may revoke your consent at any time.

Vimeo

Vimeo content is integrated through the use of a JavaScript tag. By simply inserting a code provided by Vimeo into the website’s code, content is displayed and its layout loaded from the Vimeo servers.

In order to play Vimeo content, we need your consent (Art. 6 Para. 1(a) EU GDPR), which you can give (if you have not already done so within the scope of your cookie selection) via the button in the respective section of the video. By clicking on the Play-Button, you consent to your IP address being transferred to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011 United States) and to the provider saving a cooking in your browser. For your convenience, your consent is valid for 30 days and saved in a local storage object, which we store in your browser. You may revoke your consent at any time.

Social media
Social network plug-ins

No social plug-ins are enabled on our website.

Social media links

You’ll find to social media services from Facebook, Twitter, YouTube, Instagram, LinkedIn and Xing on our website. Links to the webpages of these social media providers are recognizable by the respective company logo. When you click on the links, you will be forwarded to our page on the various social media platforms. Clicking on these links creates a connection to the social media providers’ servers, which then receive the information that you have visited our website. Additional data are also transferred to the social media service, for example:

  • Address of the website where the activated link is located,
  • Date and time of your visit to the website or link activation,
  • Information about the browser and operating system used,
  • IP address.

If you are already logged in to the social media site at the time the link is activated, the provider may be able to determine your username and possibly even your real name from the data transferred and assign this information to your personal user account. To prevent this from happening, please make sure you are logged out of your account.

The social media providers’ servers are located in the USA and other countries outside of the European Union and Turkey. For this reason, data can also be processed by the social media provider in countries outside of the European Union and Turkey. Please be aware that business in these countries is not subject to the same strict levels of data protection as those who are member states of the European Union and Turkey.

Please also be aware that we have no influence on the scope, type and purpose of data processing carried out by these social media providers. Further information about the use of your data by the social media platforms embedded on our website can be found in the Privacy Policies of the respective social media provider.

We also use Twitter’s Click to Tweet feature. Click to Tweet gives us the opportunity to pre-formulate the perfect tweet, which is then embedded in a link on our website. When you click on this link, the pre-formulated tweet is opened in Twitter and can be published. This means it only takes a click of a button to share website content on Twitter. No personal data is transferred during this process.

Links to other providers

Our website contains other links to internet sites of other companies, and these links are clearly recognizable as such. We do not have any influence on the content of these sites and cannot, therefore, be held responsible for them. The respective provider or operator is always responsible for the content on the page.

The linked pages were tested for possible legal violations and recognizable infringements at the time at which they were added. No illegal content was detected at the time of creating the links. However, we cannot be expected to continuously check the content of the external websites without specific knowledge of illegal content. Should we be informed of any illegal content on the external sites, we will promptly remove the links.

Use of online services by children

Individuals under the age of 18 may not submit personal information or a declaration of consent to us without the consent of their legal guardian. We ask parents and legal guardians to actively participate in the online activities and interests of their children.

Copyright information

If you would like to publish images, texts, plans, videos, music etc. using Merlin Services, please be aware that you may be transferring all usage rights to the network, which could ultimately have legal consequences for you if you are not the copyright holder yourself.

Automated case-by-case decision

Please note that we generally do not use purely automated processes to make a decision.

Our social media presence

We have a presence on a range of social media platforms to communicate with registered customers and interested parties and inform them of our offers.

Please be aware that using these platforms and their functions is at your own risk. This is especially the case when using interactive functions such as commenting, sharing and leaving reviews.

We also wish to inform you that your data may be processed outside of the European Union and Turkey.

Your data may additionally be processed for market research and marketing reasons, meaning, for example, that a user profile may be created based on your usage and interests. As a result, advertising both on and external to the platforms may be activated, which supposedly correspond to your interests. In order for this to happen, cookies are usually saved on your computer. Independently, data that is not collected directly from your end devices may also be stored in the user profiles (especially if you are member of a platform and are logged in).

The processing of users’ personal data is based on our legitimate interest in effectively providing Merlin Services, informing and communicating with users in accordance with Art. 6 Para. 1 S. 1(f) EU GDPR. If a provider asks for your consent to data processing (e.g. by ticking a box or by clicking “confirm”), then processing is lawful in accordance with Art. 6 Para. 1 S. 1(a) and Art. 7 EU GDPR.

Opting out

If you are a member of a social network and do not want your personal data to be collected through our website and linked to your membership data on the respective network, you must:

  • sign-out of the network before visiting our website,
  • delete cookies stored on your device and
  • re-start your browser.

After logging in again, you will once again be recognized by the network as a specific user.

For more detailed information on how data is processed and how you can opt out, please visit the pages of the respective providers listed below.

If you would like to request information or exercise your rights as a user, this can be done most effectively directly with the providers themselves as only they have direct access to user data and can therefore take appropriate action and provide information. If you do have any problems, you can of course contact us.

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy policy: https://www.facebook.com/about/privacy/, Opt out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com,.
  • Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy:  https://policies.google.com/privacy, Opt out: https://adssettings.google.com/authenticated,
  • Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy policy / Opt out: https://instagram.com/about/legal/privacy/.
  • Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy policy: https://twitter.com/de/privacy, Opt out: https://twitter.com/personalization,.
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy policy https://www.linkedin.com/legal/privacy-policy , Opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,
  • Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy policy / Opt out: https://privacy.xing.com/de/datenschutzerklaerung.