Introduction
With this privacy policy, we aim to inform you about the types of personal data (hereinafter referred to as “data”) that we process on post-punks.com, the purposes for which we process it, and the scope of such processing. This privacy policy applies to all processing of personal data carried out by us, including in connection with the provision of our services, on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as “online offer”).
The terms used are not gender-specific.
Status: 27th of January 2024
Responsible
Bennet Polenz
Bunsenstr. 5
22765 Hamburg
Email: bennet@post-punks.com
Legal Notice: post-punks.com/legal-notice
Overview of processing
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
1. Inventory data (e.g. names, addresses).
2. Content data (e.g. text entries, photographs, videos).
3. Contact data (e.g. e-mail, telephone numbers).
4. Meta/communication data (e.g. device information, IP addresses).
5. Usage data (e.g. websites visited, interest in content, access times).
7. Location data (data that indicates the location of an end user's device).
Categories of affected persons
1. Employees (e.g. employees, applicants, former employees).
2. Interested parties.
3. Communication partners.
4. Customers.
5. Users (e.g. website visitors, users of online services).
Purposes of the processing
1. Provision of our online services and user-friendliness.
2. Visit action evaluation.
3. Office and organisational procedures.
4. Cross-device tracking (cross-device processing of user data for marketing purposes).
5. Direct marketing (e.g. by email or post).
6. Feedback (e.g. collecting feedback via an online form).
7. Interest-based and behavioural marketing.
8. Contact enquiries and communication.
9. Conversion measurement (measuring the effectiveness of marketing measures).
10. Profiling (creation of user profiles).
11. Remarketing.
12. Reach measurement (e.g. access statistics, recognising returning visitors).
13. Security measures.
14. Tracking (e.g. interest/behavioural profiling, use of cookies).
15. Contractual services and service.
16. Managing and responding to enquiries.
17. Target group formation (determination of target groups relevant for marketing purposes or other output of content).
Applicable legal basis
Below, we outline the legal basis under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection laws in your country or ours may also apply. If more specific legal bases are applicable in individual cases, we will provide details about them in this privacy policy.
1. Consent (Art. 6 para. 1 sentence 1 lit. a GDPR): The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
2. Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
3. Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR): Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
4. Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the General Data Protection Regulation (GDPR), national data protection regulations also apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG), which provides specific provisions on rights such as access to information, erasure, objection, the processing of special categories of personal data, processing for other purposes, data transmission, and automated decision-making in individual cases, including profiling. The BDSG also contains regulations on data processing in the context of employment relationships (Section 26 BDSG), particularly regarding the establishment, execution, or termination of employment relationships, as well as employee consent. Additionally, data protection laws of individual federal states may also be applicable.
We implement appropriate technical and organisational measures in accordance with legal requirements. These measures are designed to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of threats to the rights and freedoms of natural persons.
These measures specifically include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as managing access, input, disclosure, availability, and separation of the data. Additionally, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and appropriate responses to data security threats. Furthermore, we incorporate data protection principles into the development and selection of hardware, software, and processes, adhering to the principles of data protection by design and data protection-friendly default settings.
In the course of processing personal data, we may transfer data to other entities, companies, legally independent organizational units, or individuals, or disclose it to them. Recipients of such data may include, for example, payment institutions involved in payment transactions, service providers tasked with IT services, or providers of services and content integrated into a website. In all such cases, we comply with the applicable legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure its protection.
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if such processing occurs in connection with the use of third-party services, or through the disclosure or transfer of data to other individuals, entities, or organizations, this will only take place in compliance with the applicable legal requirements.
Unless explicitly consented to or legally or contractually required, we process or have data processed in third countries only if they provide an adequate level of data protection. This includes, for example, US processors certified under the “Privacy Shield,” or based on specific safeguards such as contractual obligations through EU Commission standard protection clauses, certifications, or binding internal data protection regulations (Art. 44–49 GDPR; more information is available on the EU Commission’s information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping basket or the location where a video was watched. The term ‘cookies’ also includes other technologies that fulfil the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as ‘user IDs’)
The following cookie types and functions are distinguished:
1. Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest when a user leaves the online service and closes their browser.
2. Permanent cookies: Permanent cookies remain stored even after the browser is closed. They can, for example, save the login status or display favorite content directly when a user revisits a website. Such cookies can also store user interests for purposes like reach measurement or marketing.
3. First-party cookies: These cookies are set directly by us.
4. Third-party cookies: Third-party cookies are primarily used by advertisers (referred to as third parties) to process user information.
5. Necessary cookies (also referred to as essential or absolutely necessary cookies): These cookies are essential for the operation of a website, such as saving logins or user input, or for security purposes.
6. Statistical, marketing, and personalization cookies: These cookies are often used for measuring reach or creating user profiles based on interests or behaviors (e.g., viewing specific content or using certain features). Such profiles help display content tailored to a user’s potential interests. This process, known as “tracking,” involves monitoring user interests. If we use cookies or tracking technologies, we will inform you separately in our privacy policy or when obtaining consent.
Notes on legal bases:
The legal basis for processing your personal data through cookies depends on whether we request your consent. If we ask for and you provide consent, the processing of your data is based on this consent. If no consent is provided, the data processed through cookies will be handled based on our legitimate interests (e.g., ensuring the operation and improvement of our online offering) or, where necessary, to fulfill our contractual obligations.
General information on cancellation and objection (opt-out):
Depending on whether processing is based on consent or legal permission, you can revoke your consent at any time or object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). You can exercise your objection via your browser settings by disabling cookies (though this may limit the functionality of our online offering).
For online marketing purposes, you can also object to the use of cookies, particularly for tracking, through the services available at https://optout.aboutads.info and https://www.youronlinechoices.com. Additional information on how to object can be found in the context of the service providers and cookies used.
Processing of cookie data on the basis of consent:
Before we process or have data processed in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has not been given, cookies that are necessary for the operation of our online offering are used at most. Their use is based on our interest and the interest of users in the expected functionality of our online offering.
Processed data types:
1. Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
2. Data subjects: Users (e.g. website visitors, users of online services).
3. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
To ensure the secure and efficient provision of our online offering, we rely on the services of one or more web hosting providers. These providers operate the servers from which our online offering can be accessed (or manage these servers). For this purpose, we may utilize infrastructure and platform services, computing capacity, storage space, database services, as well as security and technical maintenance services.
The data processed as part of the hosting services may include all information related to users of our online offering that is generated through usage and communication. This typically includes the IP address, which is essential for delivering the content of our online offering to browsers, as well as all data entries made within our online offering or originating from other websites.
Collection of access data and log files:
We (or our web hosting provider) collect data on every server access (referred to as server log files). These server log files may contain the addresses and names of the accessed web pages and files, the date and time of access, the amount of data transferred, notifications of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, typically, the IP address and the requesting provider.
Purpose of server log files:
Server log files are used for security purposes, such as preventing server overloads (e.g., during abusive attacks like DDoS attacks) and ensuring the proper functioning and stability of the servers.
1. Processed data types: Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
2. Data subjects: Users (e.g. website visitors, users of online services).
3. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
We use blogs or similar online communication and publication platforms (hereinafter referred to as “publication medium”). Readers’ data is only processed to the extent necessary for the presentation of the publication medium, communication between authors and readers, or for security purposes.
Additionally, we refer to the relevant information in this privacy notice regarding the processing of visitor data within the publication medium.
Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for security purposes, particularly in the event that someone posts illegal content (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be held liable for the content and therefore have an interest in identifying the author.
We also reserve the right to process user data for spam detection purposes, based on our legitimate interests.
Similarly, we may store users’ IP addresses for the duration of surveys and use cookies to prevent multiple voting, also on the basis of our legitimate interests.
Any personal information provided in comments or contributions, including contact and website details, as well as the content itself, will be stored by us permanently unless the user objects.
1. Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
2. Data subjects: Users (e.g. website visitors, users of online services).
3. Purposes of Processing: Contractual services and support, Feedback (e.g. collecting feedback via online form), Security measures, Managing and responding to enquiries.
4. Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR).
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any requested measures.
Contact enquiries are answered in the context of contractual or pre-contractual relationships in order to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of legitimate interests in responding to the enquiries.
1. Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
2. Data subjects: Communication partners.
3. Purposes of processing: Contact enquiries and communication.
4. Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
We use platforms and applications from third-party providers (hereinafter referred to as “third-party providers”) to conduct video and audio conferences, webinars, and other types of video and audio meetings. When selecting these third-party providers and their services, we ensure compliance with legal requirements.
In this context, data of the participants in communication processes may be processed and stored on the servers of the third-party providers. This data may include, in particular, registration and contact information, visual and audio contributions, chat entries, and shared screen content.
If users engage with third-party providers or their software and platforms as part of their communication, business, or other relationships with us, these third-party providers may process usage data and metadata for purposes such as security, service optimization, or marketing. We encourage users to review the privacy policies of the respective third-party providers.
Notes on legal bases:
If we request user consent to the use of third-party providers or specific functions (e.g., consent to the recording of meetings), the legal basis for processing is the consent provided. Additionally, the use of third-party providers may be part of our (pre-)contractual services if their use is agreed upon in this context. In other cases, user data is processed based on our legitimate interests in ensuring efficient and secure communication with our communication partners. We also refer to the information on cookie usage in this privacy policy.
Slack
1. Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, images, videos), usage data (e.g., websites visited, content interests, access times), and meta/communication data (e.g., device information, IP addresses).
2. Data subjects: Communication partners, users, and team members (e.g., website visitors, users of online services, donors, ambassadors, partners).
3. Purposes of processing: Organization and coordination of work.
4. Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Fulfillment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Zoom
1. Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, images, videos), usage data (e.g., websites visited, content interests, access times), and meta/communication data (e.g., device information, IP addresses).
2. Data subjects: Communication partners and users (e.g., website visitors, users of online services).
3. Purposes of processing: Contractual services and support, handling contact requests and communication, office and organizational procedures, and direct marketing (e.g., via email or postal mail).
4. Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Fulfillment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
We use hosting and analysis services from service providers to offer our audio content for listening or downloading and to obtain statistical information on the retrieval of audio content
1. .Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
2. Data subjects: Users (e.g. website visitors, users of online services).
3. Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Conversion Tracking, Profiling (Creating user profiles).
Services used and service providers:
Soundcloud
Soundcloud - Music hosting; Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.
Spotify
Spotify - music hosting and widget; Service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://www.spotify.com/de; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.
Cloud services
In this context, personal data may be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content. Cloud service providers also process usage data and metadata that they use for security purposes and to optimise services.
If we use the cloud services to provide other users or publicly accessible websites with forms or other documents and content, the providers may store cookies on users' devices for the purposes of web analysis or to remember user settings (e.g. in the case of media control).
Notes on legal bases: If we ask for consent to the use of cloud services, the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient and secure administration and collaboration processes).
Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
Purposes of processing: Office and organisational procedures.
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Services used and service providers: We use software services accessible via the Internet and running on the servers of their providers (so-called ‘cloud services’, also referred to as ‘software as a service’) for the following purposes: document storage and management, calendar management, sending e-mails, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information as well as chats and participation in audio and video conferences.
Google Cloud Services
Cloud storage services; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy, Security information: https://cloud.google.com/security/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://cloud.google.com/terms/data-processing-terms; Additional information on data protection: https://cloud.google.com/terms/data-processing-terms.
Newsletter and Broad Communication
To subscribe to our newsletter, providing an email address is generally sufficient. However, we may request additional information, such as a name (to personalize communication) or other details if necessary for the newsletter’s purpose.
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the recipient’s consent or as legally permitted. If the newsletter content is explicitly described at the time of subscription, this content will determine the scope of the user’s consent. Otherwise, our newsletters provide information about our services and our organization.
Double Opt-In Procedure
Newsletter registration follows a double opt-in process. After signing up, users receive an email requesting confirmation of their subscription. This confirmation ensures that no one can sign up using someone else’s email address. The subscription process is logged to comply with legal requirements, including storing the registration and confirmation timestamps as well as the IP address. Any updates to stored data by the email service provider are also recorded.
Deletion and Restriction of Processing
If users unsubscribe, we may retain their email addresses for up to three years based on our legitimate interests to prove prior consent if needed. During this period, the processing of such data is restricted to legal defense purposes. Users can request immediate deletion at any time, provided they confirm their previous consent. In cases where ongoing objections must be permanently observed, we reserve the right to store the email address in a blacklist for this purpose alone.
We log the registration process based on our legitimate interests to demonstrate proper execution. If we use a third-party provider to send newsletters, this is done in the interest of an efficient and secure delivery system.
The newsletter is sent based on the recipient’s consent or, where consent is not required, based on our legitimate interests in direct marketing, provided this is legally permitted (e.g., promotional emails to existing customers). If a third-party provider handles email distribution, this is also based on our legitimate interests. Logging the registration process serves as proof of compliance with legal requirements.
Newsletter Content: Information about us, our services, promotions, and offers.
Newsletters contain a web beacon (a small, invisible image file) that is retrieved from our server (or from the provider’s server, if applicable) when the newsletter is opened. This retrieval records technical data such as browser type, system details, IP address, and access time.
This data is used to optimize the newsletter technically and to analyze target groups based on their reading behavior, such as location-based retrieval (via IP addresses) or engagement times. The analysis also includes tracking whether newsletters are opened, when they are opened, and which links are clicked. While this data can technically be assigned to individual recipients, neither we nor our service provider use it for monitoring specific users. Instead, the insights help us understand user reading habits and adjust our content accordingly.
Unless users provide explicit consent, newsletter tracking and performance measurement are conducted based on our legitimate interests in using a user-friendly and secure newsletter system that aligns with both our business objectives and user expectations.
A separate opt-out from performance tracking is unfortunately not possible; to stop tracking, users must unsubscribe from the newsletter entirely or object to its processing.
1. Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Meta/communication data (e.g. device information, IP addresses), Usage data (e.g. websites visited, interest in content, access times).
2. Data subjects: Communication partners.
3. Purposes of processing: Direct marketing (e.g. by email or post).
4. Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
5.Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.
We process personal data for online marketing purposes, which may include marketing advertising space, displaying advertisements, and other content (collectively referred to as “content”) based on users’ potential interests, as well as measuring the effectiveness of these activities.
To achieve this, user profiles may be created and stored in a file (commonly referred to as a “cookie”) or through similar technologies. These profiles contain data relevant to content display, such as viewed content, visited websites, online networks used, communication partners, and technical details (e.g., browser type, operating system, and usage times). If users have consented to location data collection, this information may also be processed.
IP addresses are also stored; however, we use IP masking (i.e., pseudonymization through IP address shortening) to enhance user privacy. Generally, clear personal data (such as names or email addresses) is not stored within the online marketing process—only pseudonymous data. As a result, neither we nor the providers of these marketing technologies can directly identify individual users, but only analyze the data stored within their profiles.
The information stored in these user profiles is typically managed using cookies or similar tracking methods. These cookies can later be read on other websites that utilize the same online marketing system, allowing content to be analyzed, enriched with additional data, and stored on the servers of the online marketing provider.
In certain exceptional cases, personal data can be linked to profiles. This can happen, for example, if users are members of a social network where we utilize an online marketing tool and the network directly associates profile data with the collected information. Users should also be aware that additional agreements with providers (e.g., consent given during registration) may further define how their data is processed.
In general, we only receive aggregated performance reports on the success of our advertisements. However, conversion tracking allows us to assess which of our online marketing efforts have resulted in a conversion—such as a contract being concluded with us. Conversion tracking is solely used to analyze and optimize our marketing efforts.
Unless otherwise stated, cookies used for online marketing purposes are stored for up to two years.
If we request user consent for the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests, specifically our interest in providing efficient, cost-effective, and user-friendly services. Additionally, we refer to the section on cookie usage in this privacy policy.
Google Analytics is used for online marketing and web analytics. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with its parent company being Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information about Google Analytics can be found at Google Analytics.
The privacy policy of Google can be accessed at Google Policies. To ensure compliance with data protection regulations when processing data in the USA, Google is certified under the Privacy Shield framework, which can be reviewed at Privacy Shield.
Users who wish to opt out of data collection can use the official opt-out plugin available at Google Analytics Opt-Out. Additionally, settings for controlling the display of advertisements can be managed at Google Ads Settings.
Google Tag Manager is a service provided by Google Inc. (“Google”) that allows for the efficient integration and management of various tracking codes and services on our website. It simplifies the implementation of tags and ensures their structured organization. When a tag is triggered, Google may process personal data, and data transfer to third countries cannot be ruled out.
More detailed information about Google Tag Manager can be found at Google Tag Manager Policy, and Google’s privacy policy is available at Google Privacy Policy.
We maintain online presences within social networks and process user data in this context to communicate with active users and provide information about our organization.
It is important to note that user data may be processed outside the European Union. This may pose certain risks for users, such as potential difficulties in enforcing their rights. However, US providers certified under the Privacy Shield or offering comparable guarantees of an adequate level of data protection commit to complying with EU data protection standards.
User data is also typically processed within social networks for market research and advertising purposes. This means that user profiles can be created based on user behavior and inferred interests. These profiles may then be used to display targeted advertisements both within and outside the respective networks. To facilitate this, cookies are usually stored on users’ devices, tracking their usage behavior and interests. Additionally, user data may be stored across multiple devices, particularly if users are logged into their accounts on the respective platforms.
For a detailed overview of data processing practices and opt-out options, users should refer to the privacy policies and guidelines provided by the respective social network operators.
When requesting information or exercising data subject rights, users should contact the social network providers directly, as only they have access to user data and can take the necessary actions. If further assistance is needed, users can reach out to us.
Processed Data TypesProcessed data may include inventory data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., text entries, images, videos), usage data (e.g., websites visited, content interests, access times), and meta/communication data (e.g., device information, IP addresses).
Data SubjectsThis processing applies to users, including website visitors and individuals interacting with our online services.
Purposes of ProcessingUser data is processed for contact requests and communication, tracking (e.g., profiling based on interests and behavior using cookies), remarketing, and web analytics (e.g., access statistics, recognizing returning visitors).
Legal BasisThe processing of user data in social networks is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Processed Data Types
1. Usage Data (e.g., websites visited, interest in content, access times)
2. Meta/Communication Data (e.g., device information, IP addresses)
3. Location Data (data indicating the location of an end user’s device)
Data Subjects
1. Users (e.g., website visitors, users of online services)
2. Interested parties
Purposes of Processing
1. Tracking (e.g., profiling based on interests and behavior, use of cookies)
2. Remarketing
3. Conversion Tracking (measuring the effectiveness of marketing activities)
4. Interest-Based and Behavioral Marketing
5. Profiling (creating user profiles)
6. Web Analytics (e.g., access statistics, recognizing returning visitors)
7. Custom Audiences (identifying relevant target groups for marketing or content targeting)
8. Cross-Device Tracking (processing user data across devices for marketing purposes)
Security Measures
1. IP Masking (pseudonymization of the IP address)
Legal Basis
1. Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
2. Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Possibility of Objection (Opt-Out)
We refer to the privacy policies of the respective providers and the opt-out options they provide. If no explicit opt-out option is available, you can disable cookies in your browser settings; however, this may limit the functionality of our online services.
For additional opt-out options, consider the following services:
1. Europe: https://www.youronlinechoices.eu
2. Canada: https://www.youradchoices.ca/choices
3. USA: https://www.aboutads.info/choices
4. Cross-Territory: https://optout.aboutads.info
ThFacebook Pixel is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, with its parent company being Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. More details can be found on Facebook’s website.
Facebook’s privacy policy, outlining how data is processed, can be reviewed at Facebook Privacy Policy. To ensure compliance with data protection regulations for processing data in the USA, Facebook is certified under the Privacy Shield framework, which can be accessed at Privacy Shield.
Users who wish to manage their privacy settings or opt out of personalized ads on Facebook can do so at Facebook Ad Settings.
The Facebook Pixel enables Facebook to identify visitors to our online offering as a target group for displaying advertisements (Facebook Ads). We use the Facebook Pixel to ensure that the Facebook Ads we place are shown only to relevant users—those who have shown interest in our online offering or who possess specific characteristics (e.g., interests in certain topics or products based on their website activity) that we share with Facebook (Custom Audiences).
Additionally, the Facebook Pixel helps us ensure that our ads align with users’ potential interests and do not appear intrusive. Furthermore, it allows us to measure the effectiveness of Facebook Ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook Ad (conversion measurement).
The Facebook Pixel can also be used within Facebook’s partner network (Audience Network: https://www.facebook.com/audiencenetwork/), extending the reach of advertisements to additional platforms.
1. Contact Information
Post-Punks maintains an online presence on LinkedIn. This privacy policy informs visitors to our LinkedIn page about how their personal data is processed and their data protection rights.
2. Responsibility for Data Processing
Please note that you use LinkedIn and its functionalities, such as sharing and interacting with content, at your own responsibility.
For the processing of personal data related to the use of LinkedIn, the primary data controller is:
LinkedIn Ireland Unlimited CompanyWilton Place, Dublin 2, IrelandPrivacy Policy: LinkedIn Privacy Policy
However, regarding the operation of the Post-Punks LinkedIn page, there is a joint responsibility between Post-Punks and LinkedIn under Article 26 GDPR. This means that, in addition to LinkedIn, Post-Punks is also responsible for data processing on our LinkedIn page.
3. Purpose and Legal Basis for Data Processing
a) Types of Data Processed
When you visit, follow, or interact with our LinkedIn page, LinkedIn processes your personal data. This includes data you have provided in your LinkedIn profile (e.g., job title, country, industry, seniority, company size, employment status). Additionally, LinkedIn records how you interact with our page, such as whether you follow Post-Punks or engage with our content.
These data are processed by LinkedIn and made available to us in aggregated, anonymized form as Page Insights. This means that we receive only statistical data on user interactions and cannot trace any data back to individual users.
b) Purpose of Processing
Post-Punks operates its LinkedIn page to expand its communication channels, complementing our website and other public relations efforts. Our presence on LinkedIn aims to:
1. Increase visibility among professionals and decision-makers in relevant industries
2. Strengthen relationships with current and potential partners
3. Provide updates on our work, insights, and industry trends
LinkedIn’s Page Insights help us understand how our LinkedIn content is received and enable us to improve our communication strategies.
c) Legal Basis for Processing
The processing of personal data in connection with our LinkedIn presence is based on:
1. User Consent (Art. 6 (1) (a) GDPR), if you voluntarily provide data through LinkedIn interactions
2. Legitimate Interest (Art. 6 (1) (f) GDPR), as we have an interest in effectively presenting our content and engaging with our professional audience on LinkedIn
It is important to note that you are not required to use LinkedIn to communicate with us or access our content. The same information can be found on our website: https://post-punks.com.
4. Agreement on Joint Responsibility with LinkedIn
Post-Punks and LinkedIn Ireland Unlimited Company have entered into a Joint Controller Agreement under Article 26 GDPR, which defines the responsibilities of both parties.
This agreement can be accessed at: LinkedIn Joint Controller Addendum.
Additionally, LinkedIn provides a Data Processing Agreement, available here: LinkedIn Data Processing Agreement.
According to this agreement:
1. LinkedIn is responsible for enabling you to exercise your data protection rights under GDPR. You can contact LinkedIn for this at LinkedIn Support or through the contact details in their privacy policy.
2. You can reach LinkedIn’s Data Protection Officer at: LinkedIn DPO Contact.
3. If you wish to assert your rights in relation to data processing on our LinkedIn page, you may also contact us.
4. The Irish Data Protection Commission (DPC) is the lead supervisory authority for LinkedIn. You have the right to file a complaint with the DPC (https://www.dataprotection.ie) or any other data protection authority.
5. Processing of Personal Data by LinkedInFor more details on how LinkedIn processes personal data, including processing purposes, legal bases, storage periods, and user rights, refer to the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
a) Use of Cookies by LinkedInLinkedIn uses cookies (small text files stored on your device) to track and analyze user behavior. These cookies do not contain viruses and do not harm your device.
To learn more about which cookies LinkedIn uses and their purposes, see LinkedIn’s Cookie Policy: https://www.linkedin.com/legal/cookie-policy.
b) Data Transfers to Third CountriesAccording to LinkedIn’s privacy policy, personal data may be processed in the USA or other third countries. LinkedIn states that it transfers personal data only to countries that:
1. Have received an adequacy decision from the European Commission under Art. 45 GDPR
2. Are subject to appropriate safeguards under Art. 46 GDPR
For more details on LinkedIn’s data transfers, see: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en.
6. Additional Privacy Information for Post-Punks WebsiteFor details on how Post-Punks processes personal data through its website, please refer to our Website Privacy Policy at: https://post-punks.com/privacy-policy.
1. Introduction
Protecting your personal data is a priority for us. We process your data exclusively in accordance with applicable legal regulations, including the EU General Data Protection Regulation (GDPR) and relevant national laws. This privacy notice provides information about how personal data is processed when you visit or interact with our Instagram page: https://www.instagram.com/postpunks/.
Instagram is a photo and video sharing service operated by Meta Platforms, Inc. Personal data includes all information relating to an identified or identifiable individual.
2. Data Controller
The data controller is the entity that determines the purposes and means of processing personal data.
When you provide personal data directly to us via our Instagram page, and we alone determine how it is processed, the data controller is:
Post-Punks Email: bennet@post-punks.com
For Instagram-related data processing where Meta Platforms determines the purpose and means of processing, the responsible entity is:
Meta Platforms Ireland Ltd.4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://www.instagram.com/legal/privacy/
For inquiries regarding data processing by Instagram/Meta, you may contact Meta’s Data Protection Officer via the contact form available on Meta’s website.
3. Scope of Data Processing
a) Data Processing by Instagram (Meta Platforms)
Meta (Instagram’s parent company) processes user data when you visit or interact with our Instagram page. This includes:
1. Profile details such as your username, job title, country, and interests
2. How you engage with our Instagram page (e.g., likes, comments, shares)
3. Device and browsing information (e.g., browser type, IP address, operating system)
For more information on how Instagram processes data, including the legal bases, data retention periods, and user rights, visit: Instagram Privacy Policy.
b) Use of Cookies by Instagram
When you visit our Instagram page and your browser allows cookies, Meta stores information using cookies (small text files stored on your device). These cookies track:
1. Your behavior across Meta’s platforms (Facebook, Instagram)
2. Your interactions with Instagram and third-party websites that use Meta technology
For more details about Instagram’s use of cookies and how to manage your settings, refer to the Instagram Cookie Policy.
Note: You can configure your browser to block cookies from Meta, but this may limit some Instagram features.
4. Data Processing on Our Instagram Page
Our Instagram page allows you to interact with our content, leave comments, and send us direct messages. Please carefully consider what personal information you share on Instagram. If you prefer not to share personal data via Instagram, feel free to contact us via email.
a) Types of Data We Can Access
Depending on your privacy settings, we may be able to see:
1. Your Instagram profile details
2. Your interactions with our posts (likes, comments, shares)
3. Any content you send via direct message
b) Legal Basis for Data Processing
The processing of your personal data when interacting with our Instagram page is based on:
1. Legitimate Interest (Art. 6 (1) (f) GDPR), as we have an interest in communicating with our audience and analyzing engagement
2. Contractual Necessity (Art. 6 (1) (b) GDPR), if your inquiry is related to entering into a business relationship
c) Purpose of Processing
We process this data to:
1. Communicate with our audience
2. Improve our social media engagement strategies
3. Provide insights into our company and activities
These purposes reflect our legitimate interest in maintaining an active presence on Instagram.
d) Data Retention
We delete data from our Instagram interactions when we no longer need it. If Meta retains your data beyond this, its storage and deletion policies are governed by Instagram’s privacy policies.
5. Instagram Insights – Anonymous Data Processing
As a Business Profile on Instagram, we receive Instagram Insights, which provide us with aggregated, anonymized statistics about our page’s visitors and interactions. These insights include:
1. The reach of our posts
2. Page visits and time spent on content
3. Engagement metrics (likes, comments, shares)
4. Demographic insights (age, gender, location)
We do not control the data collection process or influence how Instagram compiles these statistics. The data remains anonymous, meaning we cannot trace insights back to individual users.
For more details about how Meta processes Instagram Insights data, visit: Instagram Insights Privacy Info.
6. Your Rights as a Data Subject
As a data subject under GDPR, you have the following rights:
1. Right to Withdraw Consent (Art. 7 (3) GDPR): You can revoke your consent to data processing at any time.
2. Right to Access (Art. 15 GDPR): You can request information about the personal data processed about you.
3. Right to Rectification (Art. 16 GDPR): You can request corrections to incorrect or incomplete personal data.
4. Right to Erasure (Art. 17 GDPR): You can request the deletion of your personal data under certain conditions.
5. Right to Restriction of Processing (Art. 18 GDPR): You can request that processing be limited in specific circumstances.
6. Right to Data Portability (Art. 20 GDPR): You can request a copy of your data in a structured, commonly used format.
7. Right to Object (Art. 21 GDPR): You can object to data processing based on legitimate interests or direct marketing.
8. Right to Lodge a Complaint (Art. 77 GDPR) – If you believe your rights are being violated, you can file a complaint with a data protection authority.
Exercising Your Rights: Since Meta controls most Instagram data processing, you should contact Meta directly to exercise these rights. Meta’s Data Protection Officer can be reached via Meta’s Help Center.
7. Changes to This Privacy PolicyWe reserve the right to update this privacy policy in response to legal changes or adjustments to our Instagram presence. The most current version will always be available at: https://post-punks.com/privacy-policy.
1. Use of Third-Party Content and Features
We integrate functional and content elements into our online offering that are retrieved from external providers’ servers (third-party providers). These elements may include graphics, videos, social media buttons, and embedded posts (collectively referred to as “content”).
When such content is embedded, third-party providers must process users’ IP addresses to deliver the content to their browsers. Without the IP address, the content cannot be displayed. We strive to use only content from providers who use the IP address solely for content delivery. However, third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow providers to analyze visitor traffic on our website. This pseudonymous information may also be stored in cookies on users’ devices and may contain:
1. Technical details about browsers and operating systems
2. Referring websites
3. Access times
4. Other data related to the use of our website
This information may also be linked with other data sources.
2. Legal Basis for Processing
If we request user consent for the use of third-party providers, the processing of user data is based on consent (Art. 6 (1) (a) GDPR). If no consent is required, user data is processed based on our legitimate interests (Art. 6 (1) (f) GDPR), particularly in providing an efficient, cost-effective, and user-friendly online experience. Additionally, we refer to the cookie usage information provided in this privacy policy.
3. Types of Data Processed
1. Usage Data (e.g., visited websites, interest in content, access times)
2. Meta/Communication Data (e.g., device information, IP addresses)
3. Location Data (e.g., geolocation data of users’ devices)
4. Account Data (e.g., names, addresses)
5. Contact Data (e.g., email addresses, phone numbers)
6. Content Data (e.g., text entries, images, videos)
4. Data Subjects
This processing applies to users, including website visitors and users of online services.
5. Purpose of Processing
User data is processed for the following purposes:
1. Providing our online services and enhancing user experience
2. Fulfilling contractual obligations and providing support
3. Implementing security measures
4. Managing and responding to inquiries
6. Integrated Third-Party Services
Google Fonts
We use Google Fonts to ensure uniform and aesthetically pleasing typography. User data is processed solely for displaying fonts in users’ browsers. Our use of Google Fonts is based on legitimate interests (Art. 6 (1) (f) GDPR) in providing a secure, efficient, and legally compliant font solution.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: Google Fonts
Privacy Policy: Google Privacy Policy
Google Maps
We integrate Google Maps to provide interactive maps. The processed data may include IP addresses and location data, but this is only collected if users grant permission (e.g., through their device settings).
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: Google Maps
Privacy Policy: Google Privacy Policy
Opt-Out:
1. Google Analytics Opt-Out Plugin: Disable Tracking
2. Google Ad Settings: Ad Preferences
YouTube Videos
We embed YouTube videos to provide multimedia content. YouTube processes user data, including IP addresses, and may store cookies on user devices to analyze viewing behavior.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: YouTube
Privacy Policy: Google Privacy Policy
Opt-Out:
1. Google Analytics Opt-Out Plugin: Disable Tracking
2. Google Ad Settings: Ad Preferences
7. User Rights and Opt-Out Options
Users can prevent data processing by adjusting their browser settings to disable cookies from third-party providers. However, doing so may limit functionality on our website.
For specific opt-out options, consider the following:
1. Google Services Opt-Out: Google Ad Preferences
2. Google Analytics Opt-Out Plugin: Disable Tracking
The data we process is deleted in accordance with legal regulations as soon as consent for processing is withdrawn or when other lawful bases for processing no longer apply (e.g., when the data is no longer necessary for its intended purpose).
If data is not deleted because it is still required for other legally permissible purposes, its processing will be restricted to these specific purposes. This means that the data will be blocked and will not be processed for any other reason. This applies, for example, to data that must be retained for commercial or tax reasons or data that must be stored for the establishment, exercise, or defense of legal claims or to protect the rights of another individual or legal entity.
Additional information on the deletion of personal data may also be provided in individual sections of this privacy policy.
Changes and Updates to This Privacy Policy
We encourage you to check this privacy policy regularly for updates. We will modify this policy as needed to reflect changes in data processing. If these changes require your consent or if an individual notification is legally required, we will inform you accordingly.
If this privacy policy includes contact information for companies or organizations, please note that these addresses may change over time. We recommend verifying the accuracy of contact details before reaching out.
Your Rights as a Data Subject
As a data subject under the GDPR, you have the following rights under Articles 15 to 18 and 21 GDPR:
Right to Object (Art. 21 GDPR)
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.
Right to Withdraw Consent (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Right of Access (Art. 15 GDPR)
You have the right to request confirmation of whether your data is being processed. You may also request access to your data and obtain further details, as well as a copy of the processed data.
Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data or to have incomplete data completed.
Right to Erasure & Restriction of Processing (Art. 17 & 18 GDPR)
You have the right to request that your data be deleted, provided there are no legal grounds requiring its retention. Alternatively, you may request a restriction on the processing of your data.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that the data be transferred to another data controller.
Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates data protection laws, you have the right to file a complaint with a data protection authority, particularly in the EU country where you reside, work, or where the alleged violation occurred.
Definitions of Key Terms
This section provides an overview of terms used in this privacy policy. Many terms are legally defined in Article 4 GDPR. The following explanations are intended to enhance understanding.
Conversion Tracking
Conversion tracking refers to a method for measuring the effectiveness of marketing campaigns. Typically, a cookie is stored on users’ devices when they interact with an advertisement. When they later visit the target website, the cookie is retrieved to determine whether the marketing activity led to a successful conversion (e.g., a purchase or signup).
Cross-Device Tracking
This tracking method links user behavior across multiple devices (e.g., smartphones, tablets, and desktop computers). Users are assigned an online identifier, allowing behavioral data to be analyzed for marketing purposes. Typically, this identifier is not associated with real names, addresses, or emails.
IP Masking
IP masking is a pseudonymization technique where the last segment of an IP address is removed to prevent user identification. This technique is often used in online marketing to improve privacy.
Interest-Based & Behavioral Marketing
This involves predicting user interests based on past behavior (e.g., browsing history, time spent on pages, purchases, or interactions with content). This data is stored in profiles and is often used for targeted advertising. Cookies are commonly used to collect this data.
Conversion Measurement
A technique for assessing the success of marketing efforts by storing cookies on a user’s device when they interact with an advertisement. When they visit the target website, the cookie is used to verify whether the marketing activity led to a conversion (e.g., purchase, registration).
Personal Data
“Personal data” includes any information related to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be recognized by an identifier, such as a name, ID number, location data, or online identifiers like cookies.
Profiling
Profiling refers to the automated processing of personal data to analyze, predict, or evaluate aspects related to an individual. This may include age, gender, location, online behavior, purchase history, or social interactions. Cookies and web beacons are frequently used for profiling.
Web Analytics (Reach Measurement)
Web analytics tracks and analyzes visitor behavior on websites, helping site owners understand which content is most engaging. This data can help optimize website design and content. Cookies and web beacons are often used to identify returning visitors.
Remarketing (Retargeting)
Remarketing tracks user interests in specific products or services and reminds them of these items through ads on other websites. This technique helps encourage users to return to a site and complete an action (e.g., a purchase).
Tracking
Tracking refers to the monitoring of user behavior across multiple online platforms. Data such as interactions, interests, and browsing history are stored in cookies or on tracking servers. This data is often used for targeted advertising.
Controller
The data controller is the entity that determines how and why personal data is processed. It can be a natural person, company, authority, or other organization.
Processing
Processing refers to any operation involving personal data, whether automated or manual. This includes collection, storage, modification, retrieval, sharing, or deletion of data.
Custom Audiences & Lookalike Audiences
Custom audiences are specific target groups for advertising based on user interests and behavior. Lookalike audiences refer to new users whose profiles match those of an existing audience, increasing the likelihood that they will engage with similar ads. Cookies and web beacons are commonly used to create these audiences.
For further details or to exercise your rights, please contact us at bennet@post-punks.com.
