We are very delighted that you have shown interest in our enterprise and our website. Data protection is of a particularly high priority for the management of the In a nutshell – kurzgesagt GmbH. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the In a nutshell – kurzgesagt GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process.
The legal standards require comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible to you as the data subject, you are sufficiently informed about the meaning, purpose and scope of the data processing. Below we therefore inform you in detail about the way your data is handled when using this website and your rights regarding your personal data.
Should you have any further questions regarding data protection, please do not hesitate to contact us by e-mail at firstname.lastname@example.org.
- Name and Address of the controller
Controller for the purposes of the GDPR (in particular pursuant to Art. 4 (7) GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection is:
In a nutshell – kurzgesagt GmbH
Managing Director Philipp Dettmer
Landwehrstraße 39 – rear building
- Data Protection Officer (DPO)
In a nutshell – kurzgesagt GmbH
Landwehrstraße 39 – rear building
- General information on data processing
The use of the websites of the In a nutshell – kurzgesagt GmbH is generally possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary (e.g. contact form, newsletter subscription). If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
Please note that links and features on our website may take you to other websites which are not operated by us but by third parties (e.g. shop, blog, patreons). Such links are either clearly marked by us or are recognizable by an obvious change in the address line of your web browser. We are not responsible or liable for compliance with the respective data protection regulations and safe handling of your personal data on these websites operated by third parties.
- Processing during the use of the website
The website of the In a nutshell – kurzgesagt GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following information is recorded and stored until it is automatically deleted:
- the browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrers),
- the sub-websites,
- the date and time of access to the Internet site,
- an Internet protocol address (IP address),
- the Internet service provider of the accessing system, and
- any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the In a nutshell – kurzgesagt GmbH does not draw any conclusions about the data subject. The mentioned data will be processed by us for the following purposes:
- deliver the content of our website correctly,
- optimize the content of our website as well as its advertisement,
- ensure the long-term viability of our information technology systems and website technology, and
- provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. Therefore, the In a nutshell – kurzgesagt GmbH analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. We do not combine this personal data with other data sources. Disclosure only takes place if it is necessary for the operation of our website, e.g. by storing it with our host provider. A transfer to a third country or to an international organization is not intended.
- Processing by using individual services via our website
Various services are available on our website, where we collect personal data from you if you decide to use them.
- Contact form / Contact us by e-mail
If you use the contact form on our website or send us an e-mail, we will process the personal data you provide us. This information is transmitted by your browser or e-mail client and processed in our IT systems. The processing of this personal data is necessary to answer your request. In addition, your IP address and the date and time of the contact request will be stored.
The processing of your personal data serves to answer your request and to prevent abuse of the contact form and to guarantee the security of our IT systems. These processing operations are lawful because the reply to your request and the protection of our IT systems represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR.
The personal data will be processed as long as necessary to respond to your request. Should your request lead to a later conclusion of the contract, processing will take place as long as this is necessary to carry out pre-contractual measures or to fulfil the contract. We do not merge your personal data with other data sources. Your personal data will not be disclosed to third parties. A transfer to a third country or to an international organization is not intended. You are not obliged to provide your personal data, but it is not possible to use the contact form or send an e-mail without providing it.
If you have explicitly given your consent according to Art. 6 (1) (1) (a) GDPR, we will use your e-mail address to send you our newsletter on a regular basis. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is subscribed.
The In a nutshell – kurzgesagt GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject properly subscribes for the newsletter mailing. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter mailing, for legal reasons, in the so called double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated or unsubscribed by the data subject at any time. The consent to the storage of personal data, which the data subject has given for the newsletter mailing, may be revoked at any time free of charge. For the purpose of revocation of consent, a corresponding link is found at the bottom of each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website, or to communicate this to us in a different way, e.g. by e-mail or mail.
- Applications and the application procedures
We collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to us. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by us, the application documents will be automatically erased six (6) months after notification of the refusal decision, provided that no other legitimate interests of us are opposed to the erasure. These processing operations are lawful because the reply to your application represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).
- Data transmission
Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- you have given your explicit consent pursuant to Art. 6 (1) (1) (a) GDPR,
- the disclosure pursuant to Art. 6 (1) (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection not disclosing your data,
- in the event that a legal obligation exists for the transfer pursuant to Art. 6 (1) (1) (c) GDPR,
- this is legally permissible and required by Art. 6 (1) (1) (b) GDPR for the processing of contractual relationships with you, or
- this is done to a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 (1) GDPR) and with whom we have concluded a corresponding contract for order processing (Art. 28 (3) GDPR), which obliges our contractor, among other things, to implement appropriate safety measures and grants us comprehensive control powers.
Transmission to the service providers referred to in point (e) for the purpose of order processing shall take place in the following areas: technical provision and programming of the website, user communication, provision of software as a service.
Most browsers automatically accept Cookies. However, you can configure your browser so that no Cookies are stored on your computer or a message always appears before a new Cookie is created. The complete deactivation of Cookies can lead to the fact that you cannot use all functions of our website. The following links provide information on this option for the most frequently used browsers:
- Microsoft Internet-Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/de/kb/Cookies-blockieren
- Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
- Safari: https://support.apple.com/kb/ph21411?locale=de_DE
- Google Analytics
For the purpose of demand-oriented design and continuous optimization of our website, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized user profiles are created and Cookies are used (see No. 7). The information generated by the Cookie about your use of this website such as
- Browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address) and
- time of the server request
are transferred from your browser to a Google server in the USA and stored on Google servers.
Google Analytics is used for statistical purposes of our website, to evaluate them for the purpose of optimizing our offer for you and to further develop our offer and in particular our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support Google Analytics or you deactivate this function, no data transfer takes place.
The pseudonymized user profiles are deleted after 14 months. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting your browser software accordingly (DO-NOT-TRACK).
You can also prevent the collection of data generated by the Cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). For more information about privacy in connection with Google Analytics, please visit the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
Google Tag Manager
- Google Web Fonts
When visiting our website, so-called web fonts are downloaded for the uniform display of fonts. This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). When accessing our website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.
Google Web Fonts are used for the purpose of uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support web fonts or you deactivate this function, no data transfer takes place.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/.
- Google reCAPTCHA
On our website we are using Google reCAPTCHA (“reCAPTCHA”). This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). reCAPTCHA is a free service that protects our website from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart. With the new API, a significant number of our valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA.
reCAPTCHA is used to prevent abuse of the contact form and to guarantee the security of our IT systems of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support Google reCAPTCHA or you deactivate this function, no data transfer takes place.
For more information about Google reCAPTCHA, visit https://developers.google.com/recaptcha/.
The newsletter of the In a nutshell – kurzgesagt GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the In a nutshell – kurzgesagt GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by us. The In a nutshell – kurzgesagt GmbH automatically regards a withdrawal from the receipt of the newsletter as a revocation.
- Integration of social media
On the basis of Art. 6 (1) (1) (f) GDPR we use the social networks YouTube, Twitter, Facebook, Instagram, Patreon, Reddit and Bēhance in order to make our website better known and to interact with our target groups. Responsibility for the data protection-compliant operation of these services is guaranteed by the respective provider. We integrate these services exclusively via a link so that visitors to our website have the best possible control over their personal data.
These social networks are operated exclusively by third parties, some of whom have their register office outside the E.U. or the EEA – there may therefore be no adequate level of data protection in accordance with the GDPR. The browser plug-ins and links on our website are identified by logos or other references. When you visit our website, which contains such a browser plug-in, a connection is automatically established between your device (browser) and the servers of the respective social network. This forwards the information that you have visited our website to the social network. If you are logged in to the social network via your personal user account or during your visit to our website, your visit to our website will be assigned to your account. By interacting with browser plug-ins or links, e.g. by pressing a “like” button or leaving a comment, this information is transmitted to the respective social network and stored there. The allocation of the data to your account can therefore be prevented on the one hand by logging out of your account (of the respective social network) before visiting our website. On the other hand, you can also completely prevent the loading of the respective plug-ins with an add-on for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
The purpose and scope of data collection through social networks as well as the further processing and use of your data and your rights and setting options for the protection of your privacy can be found in the respective data protection information of the operators:
Provider: Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Provider: Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA
Provider: Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA
Provider: Patreon Inc., 230 9th Street, San Francisco, CA 94103, USA
Provider: Reddit, Inc., 548 Market St. #16093, San Francisco, CA 94104, USA
Provider: Behance HQ, 532 Broadway (at Spring St), New York City, NY 10012, USA
- Rights of affected persons
- Right of access, Art. 15 GDPR
You shall request confirmation, whether the In a nutshell – kurzgesagt GmbH is processing your personal data. In a nutshell – kurzgesagt GmbH shall require proof of identity in accordance with its security procedures, before disclosing information. We shall provide you with the following information without undue delay, at the latest within one month:
- the purposes of the processing,
- the categories of personal data concerned,
- the recipients or categories of recipient to whom the personal data have been or will be disclosed,
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- the right of rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
- the right to lodge a complaint with a supervisory authority,
- where the personal data are not collected from the data subject, any available information as to their source,
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you,
- where personal data are transferred to a third country or to an international organization: information of the appropriate safeguards relating to the transfer.
At any time, you shall request information under the contact details mentioned (by e-mail or regular mail) free of charge. There are no other costs than the postage or usual transmission costs. We provide you with a copy of all data processed by us in a common electronic format (e.g. PDF, DOC, RTF, etc.). The processing of inquiries can be refused if they are offensive/annoying, endanger the personal rights of others, are extremely impracticable or otherwise if the provision of information is not provided for under the respective legal system. If we refuse to provide you with information, you will be informed of the reasons for this refusal.
- Right to rectification, Art. 16 GDPR
You shall have the right to obtain without undue delay the rectification of inaccurate personal data. Furthermore, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (by e-mail or regular mail).
If you contest the accuracy of the personal data, we are obliged to restrict the processing of the respective data (“restriction”). The restriction continues until we have determined whether the respective data is correct or incorrect.
- Right to restriction of processing, Art. 18 GDPR
You shall have the right to obtain restriction of processing where one of the following applies:
- the accuracy of the personal data is contested (see sec. 10 (b)),
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
- the In a nutshell – kurzgesagt GmbH no longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims,
- you objected to processing pursuant to sec. 10 (d) (Article 21(1) GDPR) pending the verification which legitimate grounds override.
For the duration of the restriction, personal data may only be processed with your consent, with the exception of storage. Consent may be refused. For the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, the data can be processed without consent. We will inform you before the restriction of processing is lifted.
- Right to erasure (“right to be forgotten”), Art. 17 GDPR
You shall have the right to obtain the erasure of personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were processed. The same applies, where you withdraw consent, and where there is no other legal ground for the processing. You also can object to the processing. The personal data have to be erased if they have been unlawfully processed or for compliance with a legal obligation in European Union or Member State law.
You shall have a right to access (see sec. 10 (a)). You can request the erasure by e-mail or regular mail from us under the contact details mentioned in sec. 1. There are no further costs than the usual postage or transmission costs.
If the In a nutshell – kurzgesagt GmbH has published personal data, it will also inform third parties about the request for erasure.
The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, or for reasons of public interest in the area of public health. There is also no obligation to erasure for compliance with a legal obligation which requires processing by Union or Member State law or for the performance of a task carried out in the public interest. Also, there shall be no erasure for the establishment, exercise or defense of legal claims. As well as for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if it is likely to render impossible or seriously impair the achievement of the objectives of that processing.
- Right to data portability, Art. 20 GDPR
You shall have the right to receive the personal data, which you have provided to the In a nutshell – kurzgesagt GmbH, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, e.g. by a direct download. We shall not interfere with data transmission. You can request data transmission by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
- Right to object, Art. 21 GDPR
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data. The In a nutshell – kurzgesagt GmbH shall no longer process the personal data unless there is a real threat of serious harm. Where you object to processing for direct marketing purposes (e-mail advertising), the personal data shall no longer be processed for such purposes. You can object by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
- Right to lodge a complaint with a supervisory board, Art. 77 GDPR
You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data infringes the provisions of GDPR. In case of the In a nutshell – kurzgesagt GmbH:
The Bavarian Commissioner for Data Protection
Phone: +49 89 (0) 212 672-0
- Routine erasure and blocking of personal data
We process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
- Profiling / Automatic decision-making
As a responsible company, we do not use profiling or automatic decision-making.
- Data Security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
As the controller, the In a nutshell – kurzgesagt GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
- Changes of Terms and Conditions
Version: July 2018