Information on the GDPR when using dpa-infocom products
Created by: Johanna Seitz
Modified on: Thu, 2 Apr, 2020 at 3:29 PM
Since 25 May 2018, the General Data Protection Regulation (GDPR) has been in force. The aim of the European Union is to regulate the processing of personal data by private companies and public bodies throughout the EU.
As a customer of dpa-infocom GmbH you will receive content and ready-to-publish products from us. These are produced in different units of dpa-infocom. We would like to provide you with bundled information on this subject and our services. All the following information therefore refers to these products:
- dpa-Weblines including the web graphics and other add-ons
The most important thing first: When using dpa-infocom products, no personal data will be processed in accordance with DSGVO. Therefore, according to our current assessment, you do not need an agreement on commissioned data processing (ODP) with dpa GmbH or dpa-infocom GmbH for the use of the products mentioned.
2. ways of supplying customers
We rely on FTP/SFTP, hosting and API access scenarios for our content distribution:
All dpa-infocom products delivered via FTP/SFTP with the Push and Pull methods do not contain any tracking codes. Even if articles or data are published automatically, we cannot collect any usage information as a result.
Hosting of embeds / API accesses
For all embed and API solutions, we rely on DSGVO-compliant service providers with whom we have concluded order processing contracts (AV). The service providers are thus obliged to take a number of security measures, train their employees, etc. Currently, we mainly use solutions from Amazon Web Services.
Our service providers store personal data, so-called IP addresses, in access protocols for a short period of time in order to ensure the operation of their systems - for example, to detect malfunctions and to fend off troublemakers. All these systems are located within the EU. In some cases, we process these access logs further - in this case, the IP addresses are deleted as the first processing step, so that no personal data are available in the further course of the process.
3. no collection of personal data
In principle, the following applies: dpa-infocom does not collect any personal data about the use and users when providing the products mentioned. If we use tracking procedures for information on the usability of web applications and user interest, we do not collect any personal data. Individuals cannot be tracked.
4. IVW tracking
dpa-SportsLive and dpa-ElectionsLive
If you integrate these products in which users interact, we offer an external interface (click.js) that allows you to store your IVW call or connect other tracking tools. This also makes the internal calls for new content by the user measurable for you. dpa-infocom does not store any information at this location. Via this interface it is possible to read cookies set by you or to transfer them to the function. You have access to this file and can make individual adjustments yourself.
On the configuration page of dpa-Live you can also specify an IVW code for the measurement of interactions. This code is also editable at any time and will not be used for measuring user data.
5. social media embeds
In our reporting we use the possibility to include tweets or posts from social networks. When your reader calls up the embed or interacts within the embed, the social networks may collect data, the processing of which is nevertheless also subject to the new guidelines. dpa-infocom does not track any personal data when embedding the postings.
Whenever a provider offers a do-not-track option for embedding its content, we use it. This means that no information about your website and users is transmitted. For example, Twitter has documented this option here: https://dev.twitter.com/web/overview/privacy
In principle, dpa-infocom will always use the most data-efficient embedding option of a provider.
6. social media sharing
In the environment of the above-mentioned products, in particular dpa-ElectionsLive, dpa-SportsLive and dpa-Webgraphics, we offer our customers the possibility to use sharing functionalities. This enables users to share text messages or widgets in social networks. At the same time, a backlink to the article is generated, which leads to an increase in your reach. This sharing functionality is initially not activated in our delivery and only becomes visible via a corresponding configuration parameter.
We do not use the plugins of the social networks for this sharing option, but link to the respective provider. Thereby certain information like content text and backlink are integrated into the link. This means that user-related data is only transferred to the third party provider after the user has consciously selected the link.
Attachment: Text module for the data protection declarations of dpa-Live customers
From case to case we use live blogs of dpa-infocom GmbH, Hamburg ("dpa-Live"). dpa-infocom GmbH offers us embeddable content ("Embed") which we incorporate into our website. dpa-infocom GmbH produces the Embeds using software from Sourcefabric, Berlin, which also hosts the Embeds on behalf of dpa-infocom. For this purpose, dpa-infocom GmbH has concluded an order processing contract (AV) with Sourcefabric in accordance with DSGVO. The service provider stores personal data only in the form of the so-called IP address and only for a short period of time in access protocols to ensure the operation of the systems - for example, to detect malfunctions and to fend off interferers. All these systems are located within the EU. In some cases, these access logs are further processed, in which the IP addresses are deleted as the first processing step, so that no personal data are available later. If personal data are processed for a short period, this is done in order to fulfil a contract (Art. 6 para. 1 b) DPA) or because the processing is necessary to safeguard legitimate interests (Art. 6 para. 1 f) DPA). If social media postings are used in the embeds, dpa-infocom always uses those embed options which largely prevent tracking of user data according to the specifications of the respective social media platform. This data processing is always carried out to protect our legitimate interests in the optimisation and economic operation of our website and is based on the legal basis of Art. 6 para. 1 f) DSGVO. You can find further information about the social media platforms here: https://dev.twitter.com/web/overview/privacy or here: https://support.google.com/youtube/answer/171780?hl=en
Did you find it helpful?
Sorry we couldn't be helpful. Help us improve this article with your feedback.