Privacy Policy
Protecting your personal information is our top priority, which is why we only use your data in strict compliance with applicable data protection principles, in particular with the provisions of the EU General Data Protection Regulation (“GDPR”). We want to keep you fully informed now about how POINT BLANK processes personal data in accordance with the applicable laws (see Article 13 GDPR). Please read our privacy policy carefully. If you have any questions or comments about our privacy policy, you can always contact us at the e-mail address below.
1. Overview
The following privacy policy informs you about the nature and extent of the processing of personal data by Point Blank Research & Consultancy GmbH, Krausenstr. 8, 10117 Berlin (hereinafter “POINT BLANK”, “we”, “us” or “our”). Personal data is any information that allows an individual to be identified directly or indirectly. The use of our services, products, technologies or features, and all related pages, applications and services (collectively referred to as the “Services”), is governed by this Privacy Policy. Under the GDPR, you have various rights that you can assert with us. These include the right to selectively withdraw your consent to the use of data, e.g. to receive our newsletter. The option to withdraw is highlighted in print. Further information on your rights can be found in the additional section below and in the individual descriptions of the respective data uses. If you have any questions about our Privacy Policy, you may contact our data privacy officer by e-mail at: privacy@point-blank.net.
2. Name and Contact Information for the Company Responsible for Data Processing
This privacy policy applies to the use of data by POINT BLANK GmbH, Krausenstr. 8, 10117 Berlin, as the responsible party under the GDPR for the following services: www.point-blank.net. The company may be reached at the aforementioned address or by e-mail at privacy@point-blank.net.
3. Purposes of Data Collection, Legal Basis and Legitimate Interests Pursued by Us or a Third Party, and Categories of Recipients
3.1. Accessing our website
If you access our website, the browser used on your device automatically sends information to our server and temporarily stores it in a log file. The following information is collected without your intervention and stored until it is automatically or manually deleted in the log file:
- Your device’s IP address
- Date and time of access
- The name and URL of the retrieved file, the website from which access was made (referrer URL)
- Your browser’s unique identifier
- The name of your Internet provider
The processing of the aforementioned data is based on Article 6(1) f) of the GDPR. Our legitimate interest arises from the uses listed below. At this point, we note that we are unable and do not attempt to draw any conclusions about your identity from the data collected. Your device’s IP address and the other information listed above are used by us for the following purposes:
- To ensure that a trouble-free connection can be established
- To ensure the convenient visit of our website
- To evaluate system security and stability
- Other administrative purposes
The data is stored in compliance with legally established data retention periods and then deleted automatically. We also use cookies, tracking tools, targeting methods and interfaces to other services such as social media platforms or payment processors. The exact procedures, and how your data will be used for this purpose, are explained in more detail in Section 4 below.
3.2. Data Processing for Customer Support or Customer Service
3.2.1 Newsletter
One of our Services is to offer prospective customers the opportunity to sign up for our newsletter. We use the double opt-in process to confirm that the e-mail address entered corresponds to the prospective customer. After the e-mail address is entered, we send you a confirmation link. Your e-mail address will only be included on our mailing list after you click on this confirmation link. We store the information collected during this process only for purposes of documentation and proof. This includes:
- The e-mail address you provide
- Your IP address
- The date and time of registration
- Form of address
- The date, content and time of the confirmation e-mail
- The IP address of the device used for the confirmation
- The date and time of your confirmation
The legal basis for this is Art. 6(1) a) GDPR. We retain the required personal information for the period specified by law. During this period (usually 10 years from the conclusion of the agreement), the data will only be processed again in the event of a tax audit. You can revoke your consent at any time with effect for the future. Simply click on the unsubscribe button in the respective e-mail or send a short note by e-mail. Please use the options to contact the company’s data privacy officer for this purpose.
3.2.2. Mailchimp
In order to manage our customers and our newsletter, we use the services of MailChimp’s newsletter delivery service, operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (“Mailchimp”), on the basis of Art. 6 (1) a) GDPR and Art. 6 (1) b) GDPR. Specifically, we use Mailchimp’s analysis module to compile our individual e-mail newsletter, which evaluates both your use of our newsletter and our website. Mailchimp offers us the possibility to check whether and how the sent newsletters are opened and used, e.g. to how many users an e-mail was sent, whether e-mails were rejected and whether users unsubscribed from the list after receiving an e-mail. For this purpose, we transmit to Mailchimp in particular the following personal data of the affected users:
- E-mail address
- Name, first name
- Company’s name
- Opt-ins to contact us
- Regional segment
- The provided information
The “web-beacon” contained in the newsletter is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, information about the browser, your system, your IP address and the time of retrieval is collected. In addition, information is collected on whether the newsletter is opened, when it is opened, and which links are clicked. For technical reasons, this information can be assigned to you as the recipient. However, it is not our intention to observe you as an individual user. Rather, the evaluations help us to recognize the reading habits of our users and to adapt our content to all users or to send different content according to the interests of our users. The collection of this data is necessary so that we can trace the processes in the event of misuse of the e-mail address and therefore serves our legal protection. MailChimp uses this information to send and evaluate the newsletter. The evaluation takes place on our behalf, but MailChimp can also use the data for quality assurance and quality improvement of its own services. Your data will be stored on the servers of MailChimp in the USA. The USA is an insecure third country. MailChimp is certified according to the “Privacy Shield Framework” and thus meets the European standards for legally compliant data processing. Additional information on MailChimp and data protection at MailChimp can be found in the MailChimp Privacy Policy and in the further explanations on the GDPR. If you have any questions, you can also contact MailChimp’s data protection officer directly. You can revoke your consent to the storage and use of your personal data to receive the newsletter and the statistical survey described above at any time with effect for the future and free of charge. For the purpose of revoking your consent, you can use the link provided for this purpose in the newsletter.
Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your e-mail address will therefore be stored as long as the newsletter subscription is active.
3.2.3. Right to withdraw
You may object to the use of your data for the aforementioned purposes at any time free of charge for each communication channel and with effect for the future. An e-mail or a letter sent using the contact information shown under Section 2 is sufficient for this purpose. Once you submit your objection, we will block the relevant contact address for future advertising data processing. We will process your objection as soon as possible and implement the appropriate blocking measures immediately after it is confirmed. Please note that in some exceptional cases the relevant information or product recommendations may still be received even after receipt of your objection. This is simply due to technical reasons and does not mean your objection has not been processed. Thank you very much for your understanding.
4. Data Processing for the Provision of our Services
In this section, we inform you about the data processing necessary for the provision of our Services:
4.1. Online Presence and Website Optimization
We will not sell or lease your information to third parties for their marketing purposes without your explicit consent. We only disclose certain information to third parties from time to time to be able to offer the best possible product to our customers, improve the quality of our Services and protect the interests of our customers. However, this disclosure will always be subject to strict limitations, which are described in more detail below.
4.1.1. Cookies – General Information
We use cookies on our website in compliance with Art. 6(1) f) of the GDPR. Our interest in improving our Services is recognized as legitimate in the aforementioned provision. Cookies are small files generated automatically by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you use our Services. Cookies do not harm your device, and do not contain viruses, Trojans or other malware. Cookies contain information downloaded by the specific device. This does not mean, however, that we receive direct knowledge of your identity. One purpose of cookies is to make it more convenient for you to use our Services. For example, we use session cookies to track your use of the individual pages of our website or when you have logged on to your customer account. When you use our Services again at a later time, the cookie automatically recognizes your previous visit to the website, as well as your input and settings, so that you do not have to enter them again. To make the site more user friendly, we also use temporary cookies, which are stored on your device for a predetermined period of time. These cookies are automatically deleted when you log off. If you already have a customer account and are logged on, the information stored in the cookies is associated with that account. Another reason we use cookies is to gather statistics on the use of our Services and evaluate them in order to optimize your experience and to display information tailored to you. These cookies allow us to automatically recognize that you have visited our site before. The cookies are automatically deleted after a predefined period. Most browsers accept cookies automatically. However, you can disable cookies on your browser or choose to be notified when a new cookie is created. However, disabling cookies completely may mean that not all features of our Services will be available to you. The storage period of cookies depends on their purpose and may vary.
4.1.2. Google Tag Manager
We manage website tags (website code) with Google Tag Manager. These tags help us manage and continuously improve our Services and reduce your loading time. Google Tag Manager only implements website code. Google Tag Manager itself does not generate cookies or collect any personal information. It merely integrates website code that we have stored elsewhere that may be used to collect data. It is therefore only used to facilitate the management of the respective code, but does not itself access the data processed by the code. In this privacy policy, we inform you about all tags that are integrated in this way. Consult the relevant Google pages for more information about Google Tag Manager and user guidelines.
4.1.3. Google Analytics
For the custom design and continuous improvement of our Services, in compliance with Art. 6(1) f) of the GDPR, we use the web analytics service of Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Using cookies, Google creates pseudonymised user profiles. The information generated by the cookies for users includes:
- Browser type/version
- Operating system
- Referrer URL (previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request
This information is sent to a Google server in the U.S. and stored there. The information is used to evaluate the use of our Services, to compile reports on the activities, and to provide other related services for purposes of market research and customized design. This information may also be sent to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with any other Google data. The IP addresses are anonymised so that assignment is not possible (IP masking). You can prevent the installation of the cookies in advance by configuring your browser software accordingly or object to the continued processing of your data with the cookies by clicking on the opt-out link. Please note that if you disable cookies, it will not be possible to fully take advantage of all of the features of our Services. You can also prevent Google from collecting and processing the data generated by the cookies and related to your usage (including your IP address) by downloading and installing this browser add-on or just clicking this link. On mobile devices, we recommend using private mode. You can find more information on protecting your privacy in relation to Google Analytics on the Google Analytics website.
5. Recipients outside the EU
As indicated above under 3.4 and 3.5, data may also be sent to recipients located outside the European Union or the European Economic Area. This applies in particular to the aforementioned processing of analysis and/or targeting technologies, which can result in data transmission to the servers of the service providers. Other recipients may be affiliated service providers that we need in order to provide our services, e.g. hosts, CRM tools, analytical service providers. These servers may be outside the EU, especially in the US. We make absolutely sure that these service providers guarantee data protection standards equivalent to those of the GDPR and that they comply with the applicable directives. Therefore, we only work with those service providers who are certified by the EU-US Privacy Shield Framework. In case number C(2016) 4176, the European Commission established the suitability of this data protection level for certification in compliance with Art. 45 of the GDPR. The use of these certified service providers thus meets European standards for lawful data processing. In addition, we have obtained suitable contractual guarantees from all service providers based in other EU countries that they are in compliance with these EU standards and protect the rights of affected persons, for example by using the standard contractual clauses of the European Commission.
6. Your Rights
6.1. Overview
In addition to the right at any time to withdraw any consent you have given us, you are also entitled to the following if the respective legal conditions are met:
- The right to be informed about your personal data that is stored with us, pursuant to Art. 15 of the GDPR
- In the event of transmissions covered by Art. 46, 47 or 49(1) 2) of the GDPR, the right to information about the suitable or appropriate guarantees, how a copy of them can be obtained, or where they are available
- The right to correct inaccurate or incomplete data, pursuant to Art. 16 of the GDPR
- The right to the deletion of your personal information that is stored with us, pursuant to Art. 17 GDPR
- The right to limit the processing of your data, pursuant to Art. 18 of the GDPR
- The right to data portability, pursuant to Art. 20 of the GDPR.
6.2. Right to Object
Under the provisions of Art. 21(1) GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data. The foregoing general right to object applies to all processing purposes described in this Privacy Policy that are based on Article 6(1) f) GDPR. Unlike the special right to object to data processing for commercial purposes (see above under Section 3.3), we are only obliged to implement such a general objection under the GDPR if you state reasons of overriding importance (e.g. a potential risk to life or health). Furthermore, you may contact the supervisory authority responsible for us, which is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragten für Datenschutz und Informationsfreiheit), Friedrichstraße 219, 10969 Berlin.
7. Data Security
We apply the highest standards to data security for our infrastructure and the processing of your data. For example, we use protection mechanisms for computers such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Access to the personal information of our customers is only possible for those employees who need it to carry out their activities. All personal data sent by you, including your payment information, is also transmitted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard, e.g. it is also used for online banking. You will recognize a secure TLS connection with the placement of an “s” at the end of http (i.e. https://…) in the address bar of your browser, or with the lock icon at the bottom of the browser. We also apply suitable technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously monitored using the latest technology, and regularly adapted to the relevant risk, and improved if necessary. In the event that personal data is compromised as a result of a breach of security, we will promptly notify those persons whose personal data has been compromised, in accordance with the notification procedures set forth in this Privacy Policy, or as otherwise required by applicable law.
8. Notification Procedures
It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business-related purposes, to you via e-mail notice, written or hard copy notice, or through conspicuous posting of such notice on our website page, as determined by us in our sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Privacy Policy.
9. Changes to our Privacy Policy
If we change our Privacy Policy and procedures, we will post those changes on our website to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on our website. This Privacy Policy was last modified on 20th January 2020.