Are you interested in AI? 🔎 Discover our AI training courses.

Data Privacy Statement Social Media

Status: October 20, 2025

We use the social networks LinkedIn, Mastodon and BlueSky to provide users with information and/or to communicate with them. Below you will find information on how personal data is processed when you visit our company pages on social media networks.

I. Contact Details

1. Controller

Controller for data processing within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR):

socreatory GmbH
The Software Creators’ Academy
Krischerstr. 100
40789 Monheim am Rhein
Telefon: 02173 9939 810
E-Mail: info@socreatory.com

2. Data Prtotection Officer

We have appointed a data protection officer. You can reach him at:

B3 Datenschutz GmbH
Papenbergallee 34
25548 Kellinghusen
Tel: +49 4822 3663 000
E-Mail: ext-dsb@b3-datenschutz.de

II. Social Media Channels

We use various online platforms within social networks and process user data in this context in order to communicate with them or to provide information about us. We operate the following social media channels:

We would like to point out that when visiting these online platforms, user data may be processed in third countries outside the European Union. This may result in risks for the user, for example by making it more difficult to assert and enforce user rights.

In addition, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. These usage profiles can then in turn be used, for example, to place advertisements within and outside the networks that correspond to the presumed interests of the users. Cookies and other tracking technologies are generally used for this purpose. Cookies are small text files that are stored on your device and can store information and preferences. These technologies enable us to analyse your use of our pages, measure the effectiveness of our content and personalize your experience. In addition, data may also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platform and are logged in to it). By using our social media pages, you consent to the use of cookies and similar technologies. You can change your cookie settings at any time or reject cookies altogether.

You can find more detailed descriptions of the respective forms of processing and the possibility of asserting the rights of data subjects (in particular objection options, opt-out) in the data protection information of the operators of the respective platforms.

1. What data is collected?

When you visit our social media pages, the following types of data may be collected:

  • Contact details: e.g. name, e-mail address, telephone number if you contact us.
  • Content and posts: e.g. texts, images, videos that you post on our pages
  • Usage data: e.g. interactions (likes, comments, shares), timestamps, time spent on our pages
  • Technical data: e.g. IP address, device information, browser type.
  • Profile data: e.g. information from your public profile if you are logged in to the respective platform.
  • This data is used to offer and improve our services and to tailor them to your needs. We take the protection of your data seriously and only use it in accordance with the applicable data protection laws and our privacy policy. If you have any questions about our data collection, you are welcome to contact our data protection officer.

2. Purpose and legal basis of the processing

a) Contacting us

If you contact us, we will use your name and the information you provide to process and respond to your request. If you contact us via social media, we may also refer to other secure communication channels as required to ensure confidentiality. You can contact us at any time using the contact options listed above. We store your personal data for as long as it is required for the stated purpose or as long as there are statutory retention obligations. Public posts by you will normally remain in the timeline indefinitely, unless we delete them due to a topic update, a breach of guidelines or if you delete the post yourself. The legal basis for this data processing is based on Art. 6 para. 1 lit. b) and lit. f) of the GDPR. Our legitimate interest is to meet your information needs.

b) Community Functions

We offer various community functions on our social media channels, such as the option to write posts, leave comments or like or share posts. Please note that our social media channels are publicly accessible and any personal information you post can be viewed by other users. We have no control over how other users use this information. The data you enter as part of the community functions is collected and used exclusively to provide these functions. Your data is processed in accordance with Art. 6 para. 1 lit. b) or lit. f) of the GDPR. Content posted in the community areas can be stored indefinitely. If at any time you wish to have content you have posted removed, you can send us a message to this effect, for example by email to the address given above.

c) Recipients and transfer of data to third countries

We occasionally share and communicate about your content on our social media channels if this is a function of the respective channel. If you contact us via a social media channel, we may refer you to other secure communication channels to ensure confidentiality, depending on the required response. Initially, your data will be transmitted to the respective social media channel, which may pass it on to third parties for their own purposes and under their responsibility. In addition, publications are accessible to the public, potentially to anyone. We would like to point out that when data is processed by platform operators, data may be processed outside the EU, which may entail risks, e.g. for the enforcement of rights. Further information on this can be found in the privacy policy of the respective platform operator. We do not transfer data to third countries outside the European Economic Area or to international organizations unless appropriate safeguards are in place, such as the EU standard contractual clauses or an adequacy decision by the EU Commission.

d) Insights Functions

The legal basis for the processing of “Page Insights” by us is Art. 6 para. 1 lit. f) GDPR. We are pursuing legitimate business interests. We use the findings from the statistics provided by the social media network operators in order to

  • identify, monitor and analyze publicly accessible opinions, conversations, moods, trends or other interactions that are important for our business,
  • enter into a dialogue with users who interact with our topics, brands, services and products,
  • capture the image of our company,
  • better understand the needs of our customers or interest groups and thus be able to improve our products and services or our types of communication. The processing of personal data is carried out by the respective platform operator and us as joint controllers. You can find the joint controllership agreements at https://legal.linkedin.com/pages-joint-controller-addendum.

e) Further data collection via forms from webinar participants

We may use forms on the platforms of the social media network operator to collect data from webinar participants. The legal basis for this processing by us is Art. 6 para. 1 lit. b) GDPR. The data is stored for the duration of the webinar and then deleted.

3. Transfer of data / processing by the platform operators

LinkedIn may process some of the information collected outside the European Union in the USA. The USA are so-called unsafe third countries. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for this country in accordance with Art. 45 para. 1 GDPR, confirming that there is adequate protection for personal data in the country.

LinkedIn: When you visit our LinkedIn page, certain information is processed by LinkedIn Ireland Unlimited Company. The sole controller for this processing of personal data is LinkedIn Ireland Unlimited Company. LinkedIn transmits data to LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, US (hereinafter: LinkedIn Corporation) on the basis of standard contractual clauses approved by the European Commission. The LinkedIn Corporation has registered on the list of the EU-U.S. Data Privacy Framework in order to guarantee an adequate level of data protection. We have no influence on this processing. We ourselves do not pass on any personal data that we receive via our LinkedIn profile.

Mastodon: Mastodon is a decentralized social network that works similarly to Twitter, but without a central company behind it. Instead, Mastodon is based on so-called instances. An instance is a single server that runs the Mastodon software and allows users to create their accounts. Well-known examples are mastodon.social and chaos.social. Each instance is managed by its own operator, who is also solely responsible under the GDPR. This means that Mastodon gGmbH, based in Berlin, is responsible for mastodon.social, while the local operator is responsible for other instances. All instances are technically connected to each other, so users can interact with each other across instance boundaries. We maintain a presence on the Mastodon platform, specifically on the publicly operated instance mastodon.social. The provider of this instance is Mastodon gGmbH, represented by Eugen Rochko, based in Germany (Mastodon gGmbH, PorschestraĂźe 14, 38440 Wolfsburg, Germany). When you visit our presence there or interact with us, the platform operator processes personal data, including in particular your IP address, information about your device, your username (if applicable), and publicly visible profile data and posts. Data processing on Mastodon is federated, which means that posts, profile information, and interactions can also be viewed on other instances.

BlueSky: We maintain an online presence on the bsky.social platform, which is operated by Bluesky Public Benefit Corporation, based in the USA (548 Market St PMB 36522, San Francisco, California 94104-5401, USA). When you visit our profile there or interact with us, personal data is processed. This includes, in particular, your IP address, device information, and, if applicable, your username and publicly visible profile data. We have no influence on the type and scope of data processing by the platform provider. Please note that by using bsky.social, personal data may be transferred to a third country outside the European Union, in particular to the USA. The provider has not currently provided any publicly available information about appropriate safeguards within the meaning of Art. 46 GDPR, such as the conclusion of standard contractual clauses. Therefore, at this point in time, it cannot be assumed that the level of protection complies with European data protection standards. There is a risk that US authorities may access personal data without effective legal protection being available to those affected. Insofar as we process personal data ourselves within the scope of our presence on bsky.social, for example in messages, comments, or interactions with our account, this is done on the basis of our legitimate interest in external communication.

4. Joint controllership pursuant to Art. 26 GDPR

The platform operators and we act as joint controllers (within the meaning of the General Data Protection Regulation) for the web tracking methods used by the respective platform operator. These web tracking methods can be carried out regardless of whether you are logged in or registered with the social media platform. We have little influence on the web tracking methods of the social media platform and, in particular, cannot switch them off. We are only provided with anonymized statistics by the platform operator and we have no access to personal data processed by the platform operator. The legal basis for the web tracking methods is Art. 6 para. 1 lit. f) of the GDPR. Our legitimate interest is to optimize our social media channel. To exercise your rights regarding the prevention of these web tracking methods, you can refer to the privacy policies of the above-mentioned platform operators.

There is no joint responsibility with Mastodon because: * the provider Mastodon gGmbH operates the mastodon.social instance independently, * other users do not have access to third-party personal usage data, * there are no evaluation or analysis functions (such as Facebook Insights), * and no technical co-decision-making regarding the type of data processing is possible. The processing of personal data is carried out exclusively under the responsibility of Mastodon gGmbH. According to the current assessment, there is no joint responsibility with external profile owners.

There is also no joint responsibility with Bluesky, as: * the provider Bluesky operates the platform on its own responsibility, * other users do not have access to third-party personal usage data, * there are no evaluation or analysis functions (such as Facebook Insights), * and no technical co-decision on the type of data processing is possible. The processing of personal data is carried out exclusively under the responsibility of Bluesky. Based on current assessments, there is no joint responsibility with external profile ownersAccording to current information, the new Bluesky privacy policy that came into effect on September 15, 2025, does not contain any changes that would establish joint responsibility. Should Bluesky introduce functions such as usage statistics or tracking options for profile owners in the future, w According to current information, the new Bluesky privacy policy that came into effect on September 15, 2025, does not contain any changes that would establish joint responsibility. Should Bluesky introduce functions such as usage statistics or tracking options for profile owners in the future,

III. Your data protection rights

Under certain circumstances, you can assert your data protection rights against us. To exercise your rights, simply send a message to our data protection officer (see contact details). Your rights include

  • the right to withdraw consent pursuant to Art. 7 (3) GDPR,
  • the right of access pursuant to Art. 15 GDPR,
  • the right to rectification pursuant to Art. 16 GDPR,
  • the right to erasure pursuant to Art. 17 GDPR,
  • the right to restriction of processing pursuant to Art. 18 GDPR
  • the right to data portability pursuant to Art. 20 GDPR.
  • the right to object pursuant to Art. 21 GDPR (see below)

In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the supervisory authority responsible for us. We reserve the right to update or amend this privacy policy at any time. Any changes will be posted on this page and we recommend that you check the privacy policy regularly to stay informed of any changes. By continuing to use our social media pages after changes have been posted, you agree to the revised Privacy Policy.