Data Protection Notice
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) as part of the provision of our services as well as within our online offer and the websites, functions, and content connected to it, as well as external online presences, e.g. our social media profile (hereinafter collectively referred to as the “online offer”). Concerning the terminology used, e.g. “Processing” or “responsible person”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (DGPR).
Types of data processed
– Inventory data (e.g. personal master data, names, or addresses).
– Contact details (e.g., email, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta / communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (in the following we refer to the data subjects collectively as “users”).
Purpose of processing
– Providing the online offer, its functions, and content.
– Answering contact requests and communicating with users.
– Safety measures.
– Range measurement/marketing
Terminology / Used Terms
“Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, location data, an online identifier (e.g. cookie) or to one or more special features, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data. The term goes far and covers practically every handling of data.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” means any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or relocation of this natural person.
“Responsible person” is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.
“Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible
Under Art. 13 DGPR, we will inform you of the legal basis for our data processing. For users from the scope of the General Data Protection Regulation (DGPR), i.e. In the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies:
The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 DGPR;
The legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b DGPR;
The legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c DGPR;
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d DGPR serves as a legal basis.
The legal basis for the processing required to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible is Art. 6 Para. 1 lit. e DGPR.
The legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f DGPR.
The processing of data for purposes other than those for which it was collected is determined under the provisions of Art. 6 (4) DGPR.
The processing of special categories of data (according to Art. 9 Para. 1 DGPR) is determined according to the stipulations of Art. 9 Para. 2 DGPR.
We take appropriate technical and organizational measures per the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances, and purposes of the processing, as well as the different occurrence and severity of the risk to the rights and freedoms of natural person Measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling the physical access to the data, as well as the access, input, transfer, securing of availability, and their separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data, and reaction to data threats. We also take the protection of personal data into account when developing or selecting hardware, software, and processes, per the principle of data protection through technology design and data protection-friendly default settings.
Cooperation with data processors and third parties
If we disclose data to other people and companies (processors, jointly responsible persons or third parties) as part of our processing, transmit them to them or otherwise give them access to the data, this will only be done based on legal permission (e.g. if the data is transmitted to third parties, such as payment service providers, is required to fulfill the contract), users have given their consent, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transmit, or otherwise grant data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and also on a basis that complies with the legal requirements.
Data Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or as part of the use of third-party services or disclosure, or transmission of data to other people or companies happens, this only happens if it happens to fulfill our (pre)-contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to express consent or contractually required transmission, we process or leave the data only in third countries with a recognized data protection level, to which the US processors certified under the “Privacy Shield” belong or based on special guarantees, such as process contractual obligations through so-called standard protection clauses of the EU Commission, the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).
Rights of the data subjects
Right to information: You have the right to request confirmation as to whether the data in question are being processed and to request information about this data as well as further information and a copy of the data per the legal requirements.
Right to rectification: you have accordingly. the legal requirements the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Right to deletion and restriction of processing: Per the legal requirements, you have the right to request that the data in question be deleted immediately or, alternatively, to request that the processing of the data be restricted by the legal requirements.
Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common, and machine-readable format under legal requirements or to request that it be transmitted to another person responsible.
Complaint to the supervisory authority: You also have the right to file a complaint with the competent supervisory authority per the legal requirements.
You have the right to withdraw your consent with future effect.
Right of Appeal
Right of objection: You have the right, for reasons that arise from your particular situation, at any time against the processing of your data, which is based on Art. 6 Para. 1 lit. e or f GDPR occurs to file an objection; this also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
Cookies and right to object to direct mail
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie e.g. the content of a shopping cart in an online shop or a login status can be saved. Cookies are referred to as “permanent” or “persistent” and remain saved even after the browser is closed. For example, the login status is saved if the users visit it after several days. Such a cookie can also be used to store the interests of users who are used for range measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the person responsible for the online offering (otherwise, if they are only their cookies, we speak of “first-party cookies”).
We can use temporary and permanent cookies and clarify this in the context of our data protection declaration.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
The data processed by us is deleted in accordance with the legal requirements or its processing is restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention requirements to prevent deletion.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary to act on your part (e.g. consent) or other individual notification.
When contacting us (for example, via contact form, e-mail, telephone or via social media), the information provided by the user for processing the contact request and processing it in accordance with. Art. 6 Para. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other inquiries) GDPR processed .. The information provided by users can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We delete the requests if they are no longer necessary. We check the necessity every two years; Furthermore, the legal archiving obligations apply.
Hosting and emailing
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we use for the purpose of operating this online offer.
Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer based on our legitimate interests in the efficient and secure provision of this online offer in accordance with. Art. 6 Para. 1 lit. f GDPR in conjunction Art. 28 GDPR (conclusion of contract processing contract).
Collection of access data and log files
We, or our hosting provider, based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider .
For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
Online presence in social media
We maintain online presence within social networks and platforms to communicate with the customers, interested parties, and users active there and to be able to inform them about our services.
We would like to point out that data from users outside the European Union can be processed. This can result in risks for the user because e.g. enforcing users’ rights could be difficult. Concerning US providers who are certified under the Privacy Shield, we would like to point out that they are committed to complying with EU data protection standards.
Besides, user data is usually processed for market research and advertising purposes. For example, usage profiles are created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. Place advertisements inside and outside of the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the user behavior and interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users’ data takes place based on our legitimate interests in effective information for users and communication with users per. Art. 6 Para. 1 lit. f. GDPR. If the users of the respective platform providers are asked for their consent to the data processing described above, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information linked below by the provider.
Also in the case of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted by the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
– Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) based on an agreement on joint processing of personal data – data protection declaration: https://www.facebook.com / about / privacy /, especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data, opt-out: https://www.facebook.com/settings?tab=ads and http: // www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
– Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
Integration of services and content from third parties
We use content or service offers from third-party providers within our online offer based on our legitimate interests (ie interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Services such as Include videos or fonts (hereinafter referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the user since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, time of the visit and other information on the use of our online offer, as well as being linked to such information from other sources.
To the best of our knowledge, OpenStreetMap’s data is used exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data can include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices).
The data can be processed in the USA. Further information can be found in the data protection declaration of OpenStreetMap: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
Use of Facebook social plugins
Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) GDPR), we use social plugins (“plugins”) from the social network facebook.com, which operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”).
For this, e.g. Contents such as images, videos, or texts and buttons belong with which users can share the contents of this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted from Facebook directly to the user’s device, which integrates it into the online offer. User profiles of the users can be created from the processed data. We, therefore, do not influence the scope of the data that Facebook collects with the help of this plugin and therefore informs the users according to our knowledge.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by pressing the Like button or leaving a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save his IP address. According to Facebook, only an anonymized IP address is saved in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for protecting the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/ .
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and contradictions regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info / choices / or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Functions and content of the LinkedIn service offered by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland can be integrated into our online offer. For this, e.g. Contents such as images, videos, or texts and buttons belong with which users can share the content of this online offer within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can call up the above. Assign content and functions to the user profiles there. Data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy .. LinkedIn is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https: //www.privacyshield. gov / participant? id = a2zt0000000L0UZAA0 & status = Active). Data protection declaration: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Shariff sharing functions
We use the privacy-protected “Shariff” buttons. “Shariff” was developed to enable more privacy on the net and to replace the usual “share” buttons of social networks. It is not the browser of the user, but the server on which this online offer is located that connects to the server of the respective social media platforms and asks e.g. the number of likes, etc. The user remains anonymous. You can find more information on the Shariff project from the developers of the magazine c’t: www.ct.de.
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke
Update on May 24, 2020, Damian Berghof
Insofar as you have given your consent, Google Analytics is used on this website, a web analytics service provided by Google Ireland Limited (“Google”). Use includes the “Universal Analytics” operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze the activities of a user across devices.
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.
The legal basis for the use of Google Analytics is your consent per Art. 6 Para. 1 S.1 lit. a GDPR.
Recipients/categories of recipients
The recipient of the data collected is Google.
Transmission to third countries
The personal data is transferred to the USA under the EU-US Privacy Shield based on the adequacy decision of the European Commission. You can access the certificate here.
Duration of data storage
The data sent by us and linked with cookies, user IDs (e.g. user ID), or advertising IDs will be automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
Rights of those affected
You can revoke your consent at any time with future effect by preventing the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent the acquisition by Universal Analytics across different devices, you have to perform the opt-out on all used systems. If you click here, the opt-out cookie will be set: Deactivate Google Analytics
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . No further data is collected, or only on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form will only be processed on the basis of your consent (Art. 6 Para. 1 a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing that has already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. e-mail addresses for the member area) remain unaffected.
This website uses Newsletter2Go to send newsletters. The provider is Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany.
Newsletter2Go is a service that, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on the servers of Newsletter2Go in Germany.
If you do not want to be analyzed by Newsletter2Go, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
Data analysis by Newsletter2Go
With the help of Newsletter2Go, we are able to analyze our newsletter campaigns. So we can e.g. see whether a newsletter message has been opened and which links may have been clicked. In this way we can determine which links have been clicked particularly often.
We can also see whether certain previously defined actions were carried out after opening / clicking (conversion rate). We can e.g. recognize whether you have made a purchase after clicking on the newsletter.
Newsletter2Go also enables us to divide the newsletter recipients into different categories (“cluster”). The newsletter recipients can e.g. divide by age, gender or place of residence. In this way, the newsletter can be better adapted to the respective target groups.
You can find detailed information on the functions of Newsletter2Go via the following link: https://www.newsletter2go.de/features/newsletter-software/.
Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time. The legality of the data processing that has already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter both from our servers and from the servers of Newsletter2Go. Data that we have stored for other purposes (e.g. e-mail addresses for the member area) remain unaffected.
Conclusion of a contract for order data processing
We have concluded a contract with Newsletter2Go, in which we oblige Newsletter2Go to protect our customers’ data and not to pass them on to third parties.