Data Protection Statement
This data protection statement clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within the framework of our online offer and the websites, functions and content associated with it, as well as external online presence, such as our social media profiles. (hereinafter collectively referred to as “Online offer”). With regard to the terminology used, e.g. “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
+49 – (0) 2433 951808-0
+49 – (0) 2433-951808-12
Authorised shareholder representatives
Types of processed data:
– Personal data (e.g., names, addresses).
– Contact details (e.g., e-mail, phone numbers).
– Content data (e.g., text inputs, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta / communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (the data subjects are hereinafter collectively referred to as “users”).
Purpose of the processing
– Provision of the online offer, its functions and contents.
– Answering contact queries and communicating with users.
– Security measures.
– Reach measurement / Marketing
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered as identifiable, insofar as he/she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” refers to any process performed with or without the aid of automated procedures or any such process associated with personal data. The term is far reaching and encompasses virtually any given instance of the handling of data.
“Controller” refers to the natural or legal person, public authority, institution or other entity that decides, alone or in concert with others, on the purposes and means, of the processing of the personal data.
Relevant legal bases
In accordance with Art. 13 of the General Data Protection Regulation (GDPR), we herewith inform you about the legal basis of our data processing. Insofar as the legal basis is not mentioned in the data protection statement, the following applies: The legal basis for procuring consent is Art. 6 (1) lit. a and Art. 7 of the General Data Protection Regulation (GDPR), the legal basis for the processing for the purposes of the fulfilment of our services and the execution of contractual measures, as well as answering queries is Art. 6 (1) lit. b of the General Data Protection Regulation (GDPR), the legal basis for the processing for the purposes of the fulfilment of our legal obligations is Art. 6 (1) lit. c of the General Data Protection Regulation (GDPR), and the legal basis for the processing for the purposes of the safeguarding of our legitimate interests is Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR). Insofar as vital interests of the data subject or any other natural person, render the processing of personal data necessary, Art. 6 (1) lit. d of the General Data Protection Regulation (GDPR), shall be deemed to apply as the legal basis.
Collaboration with order processors and third parties
Insofar as we within the framework of our processing of the data, disclose the data to other individuals and companies (order processors or third parties), transmit the data to them or otherwise grant them access to the data, this will only be effected on the basis of a statutory license (e.g. insofar as a transmission of the data to third parties is required, such as to payment service providers, pursuant to Art. 6 (1) lit. b of the General Data Protection Regulation (GDPR)), insofar as you have granted your consent hereto, insofar as it is required pursuant to a legal obligation, or based on our legitimate interests (e.g. in case of the deployment of commissioned agents, webhosts, etc.).
Insofar as we commission third parties to process data on the basis of a so-called ” commissioned data processing”, this is effected on the basis of Art. 28 of the General Data Protection Regulation (GDPR).
Transmission to third countries
Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or insofar as the disclosure or transmission of data to third parties takes place within the framework of the use of third party services, this will only be effected insofar as it serves the purposes of the fulfilment of our (pre) contractual obligations, insofar as you have granted your consent hereto, insofar as it is required pursuant to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permission, we process or arrange to have the data processed in a third country only in compliance with the special provisions pursuant to Art. 44 et seq. of the General Data Protection Regulation (GDPR). This means the processing is effected e.g. on the basis of specific guarantees, such as the officially recognised specification of a level of data protection, which corresponds to that of the EU (e.g. in the case of the U.S., by the “Privacy Shield”), or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You reserve the right to request for confirmation, with regard to whether there is data concerning you, which is being processed and for information about this personal data, as well as for further information and a copy of the data in accordance with Art. 15 of the General Data Protection Regulation (GDPR).
Pursuant to Art. 16 of the General Data Protection Regulation (GDPR) you reserve the right to demand the completion of your personal data, or the correction of your incorrect personal data.
Pursuant to Art. 17 of the General Data Protection Regulation (GDPR), you reserve the right to demand that the personal data be deleted immediately, or alternatively, in accordance with Art. 18 of the General Data Protection Regulation (GDPR), to demand for a restriction of the processing of the data.
You reserve the right to request the receipt of the personal data, which you have provisioned to us pursuant to Art. 20 of the General Data Protection Regulation (GDPR), as well as the transmission thereof to other controllers.
Furthermore, you reserve the right pursuant to Art. 77 of the General Data Protection Regulation (GDPR), to file a complaint with the competent supervisory authority.
Right of revocation
You reserve the right, to revoke granted consent, pursuant to Art. 7 (3) of the General Data Protection Regulation (GDPR), with effect for the future.
Right of objection
You reserve the right, pursuant to Art. 21 of the General Data Protection Regulation (GDPR), to at any given time, object to the future processing of your personal data. The objection may in particular be raised against processing for direct marketing purposes.
Cookies and right of objection in the case of direct marketing
“Cookies” are small files that are stored on the computers of users. Different sources of information can be stored within the cookies. A cookie is primarily used to store the information about a user (or respectively the device on which the cookie is stored) during or after his/her visit to an online offer. Temporary cookies, respectively “session cookies” or “transient cookies” refer to cookies, which are deleted after a user exits an online service and closes his/her browser. Stored in such a cookie can for example be the contents of a shopping cart in an online store or a login status. The term “permanent” or “persistent” refers to cookies, which remain stored even after the browser has been closed, thus, e.g. the login status remains saved, even if the user makes a return visit after several days. Likewise, stored in such a cookie may be the interests of the users, which are used for reach measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by other providers, other than the controller, who operates the online offer (otherwise, insofar as these only pertain to the cookies of the latter, these are referred to as “first-party cookies”).
We can use temporary and permanent cookies, which we have accordingly clarified within the framework of our data protection statement.
Insofar as users do not wish to have cookies stored on their computers, they are requested to disable the relevant option in the system settings of their browsers. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
The data processed by us, is deleted or the processing thereof restricted, in accordance with Art. 17 and 18 of the General Data Protection Regulation (GDPR). Unless explicitly stated otherwise within the framework of this data protection statement, the data stored by us shall be deleted as soon as it is no longer required for the intended purpose and the deletion does not conflict with any statutory storage requirements. Insofar as the data is not deleted because it is required for other and legitimate purposes, its processing shall be restricted. This means that the data is blocked and cannot be processed for other purposes. This applies, for example to data, which must be stored for commercial or tax reasons.
According to the statutory provisions in Germany, the retention period is in particular 6 years pursuant to § 257 (1) of the German Commercial Code (HGB), (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and is 10 years pursuant to § 147 (1) of the Fiscal Code (AO) (books, records, management reports, accounting records, trade and business letters, documents relevant to taxation, etc.).
According to the statutory provisions in Austria, the retention period is in particular 7 years pursuant to § 132 (1) of the Federal Fiscal Code (BAO) (accounting documents, receipts / invoices, accounts, vouchers, business papers, statement of income and expenses, etc.), is 22 years in connection with land and is 10 years in the case of documents related to electronically rendered services, telecommunications, broadcasting and television services, rendered to non-entrepreneurs in EU Member States and which use the services of the Mini-One-Stop-Shop (MOSS).
The hosting services deployed by us, serve the purpose of provisioning the following services: infrastructure and platform services, computing capacity, storage and database services, security as well as technical maintenance services, which we use to operate this online service.
We or respectively our hosting provider hereby process personal data, contact details, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests, as well as on the basis of an efficient and secure provision of this online offer, pursuant to Art. 6 (1 ) lit. of the General Data Protection Regulation (GDPR), in conjunction with Art. 28 of the General Data Protection Regulation (GDPR) (Commissioned data processing completion).
Collection of access data and log files
We or respectively our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. of the General Data Protection Regulation (GDPR), data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security purposes (for example, to clarify abusive or fraudulent activities) for a maximum duration of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the respective incident.
Establishment of contact
In the case of the establishment of contact with us (for example, by means of the contact form, e-mail, telephone or via social media), the information provided by the user for the handling of the contact request and its execution is processed, pursuant to Article 6 (1) lit. b of the General Data Protection Regulation (GDPR). User information can thereby be stored in a Customer Relationship Management System (“CRM System”) or comparable request organisation.
We delete the queries insofar as they are no longer required. We cross-check the necessity every two years; Furthermore, the statutory archiving obligations apply.
By way of the following information, we hereby inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedures, as well as your right of objection. By subscribing to our newsletter, you consent to the receipt and the procedures described.
Content of the newsletter: We ship newsletters, e-mails and other electronic notifications with advertising information (hereinafter collectively referred to as “newsletter”) only with the consent of the recipient or a statutory license. Insofar as the contents of a newsletter are concretely described, they are deemed as authoritative for the consent of the users. Our newsletter moreover entails information about our services and us.
Double opt-in and logging: Registration for our newsletter is effected by way of a so-called double-opt-in procedure. This means that after registration, you will receive an e-mail prompting you to confirm your registration. This confirmation is necessary, so that nobody can register with an e-mail address of a third-party. The registration for the newsletter shall be logged, in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider shall be logged.
Registration data: To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we request you to provide a name, for the purposes of a personal address in the newsletter.
Germany: The shipping of the newsletter and the associated performance measurement is effected on the basis of the granted consent of the recipient pursuant to Art. 6 (1) lit. a, Art. 7 of the General Data Protection Regulation (GDPR) in conjunction with § 7 (2) No. 3 of the German Fair Trade Practices Act (UWG) or on the basis of the statutory license pursuant to § 7 (3) of the German Fair Trade Practices Act (UWG).
The logging of the registration procedure is effected on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR). Our interest is hereby focused on the deployment of a user-friendly as well as secure newsletter system, which serves both our business interests, as well as meets the expectations of the users and moreover also allows us to prove the procured consent.
Cancellation / Revocation – You can cancel the subscription of our newsletter at any given time, which means revoke your consent. A link for the cancellation of the subscription of the newsletter can be found at the end of every newsletter. We may save the submitted email addresses for up to three years on the basis of our legitimate interests before deleting them, for the purpose of the newsletter shipment, in order to provide evidence of the formerly procured consent. The processing of this data is restricted to the purpose of a possible defence against claims. An individual request for cancellation is possible at any given time, insofar as the former existence of a granted consent is concomitantly confirmed.
Newsletter – Shipping service provider
The shipping of this newsletter is effected by means of the shipping service provider [Newsletter2go GmbH, Köpenicker Straße 126, 10179 Berlin, Germany]. You can view the data protection provisions of the shipping service provider here: [LINK TO DATA PROTECTION PROVISIONS]. The shipping service provider is deployed on the basis of our legitimate interests, pursuant to Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR) and a commissioned data processing, pursuant to Art. 28 (3) sentence 1 of the General Data Protection (GDPR).
The shipping service provider may use the data of the recipients in pseudonymous form, which means without assignment to a user, to optimise or improve its own services, e.g. for the technical optimisation of shipping and the presentation of newsletters or for statistical purposes. However, the shipping service provider may not use the data of our newsletter recipients to address them for its own purposes, or to pass the data on to third parties.
Newsletter – Success measurement
The newsletters entail a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from the server when opening the newsletter from our server, or respectively insofar as we deploy a shipping service provider, from the server of the latter. Collected initially within the framework of the retrieval, is technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.
This information is used to improve the technical performance of services, based on the technical data or the target groups and their reading habits, based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, it is possible that this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, insofar as it is deployed that the shipping service provider should monitor individual users. The analyses rather serve the purpose of enabling us to discern the reading habits of our users and to adapt our content accordingly or to ship different content according to the interests of our users.
Google is certified under the Privacy Shield Agreement, which provides a guarantee for compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google shall use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within the framework of this online offer, as well as to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users may thereby be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that Google shall truncate the IP address of the users, within the member states of the European Union or in other contracting States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address submitted by the browser of the user shall not be merged with other data on the user, held by Google. Users can prevent the storage of cookies through a corresponding setting in their browser software; Users may moreover also prevent the collection, of the data generated by the cookie and of the data related to their use of the online offer, by Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in, available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For further details about data use by Google, setting and objection options, please refer to the websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google in the case of your use of websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads “Manage information Google uses to display you advertising”).
Online presence in social media
We maintain online presence within social networks and platforms in order to thereby actively communicate with customers, prospects and users, as well as to inform them about our services. In the case of the call-up of the respective networks and platforms, applicable are the terms and conditions, as well as the data processing provisions of the respective operators.
Unless otherwise stated within the framework of our data protection statement, we only process the data of users, insofar as they communicate with us within social networks and platforms, e.g. write posts on our online presence, or send us messages.
Use of Facebook social plugins
We use social plugins (“plugins”) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer, within the meaning of Art. 6 (1) lit. f. of the General Data Protection Regulation (GDPR)). of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can constitute interaction elements or content (e.g. videos, graphics or text contributions) and can be discerned by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like it” or a “thumbs up” sign) or are supplementary marked with the “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee for compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls-up a function of this online offer which includes such a plugin, the device of the user thereby establishes a direct connection with the server of Facebook. Facebook transmits the content of the plugin directly to the device of the user, which is in turn incorporated by the device into the online offer. In the course of the procedure, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and can therefore only inform the users according to the best of our knowledge.
Through the incorporation of the plugin, Facebook receives the information that a user has called-up the corresponding page of the online offer. Insofar as the user is still concomitantly logged-on to Facebook, Facebook can assign the visit to his Facebook account. Insofar as the user interacts with the plugin, for example, presses the Like button or leaves a comment, the information is transmitted from your device directly to Facebook and stored there. Insofar as a user is not a member of Facebook, there is still the possibility that Facebook may still be able to find out and save his/her IP address. According to Facebook, only an anonymous IP address is stored in Germany.
For further details on the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, please refer to the data protection information of Facebook: https://www.facebook.com/about/privacy/.
Insofar as a user is a Facebook member and does not want Facebook to collect data about him/her via this online offer and link it to his member data stored with Facebook, he/she must log-off from Facebook and delete his/her cookies before using our online offer. Other settings and objections regarding the use of data for advertising purposes are possible within the framework of the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Deployment and use of Instagram
The controller has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audio-visual platform, allowing users to share photos and videos, as well as to disseminate such data further to other social networks.
The operating company of the service from Instagram is the Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
In the case of each visit to one of the individual webpages of this website operated by the controller and on which an Instagram component (Instagram Button) has been incorporated, the respective Instagram component automatically triggers the internet browser to induce the information technology system of the data subject to download a representation of the corresponding component of Instagram. Within the framework of this technical procedure, Instagram is aware of which specific webpage of our website has been visited by the data subject.
Insofar as the data subject is concomitantly logged-on to Instagram, Instagram recognises with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific webpage the data subject visits. This information is collected through the Instagram component and assigned through Instagram, to the Instagram account of the data subject. Insofar as the data subject activates one of the Instagram buttons incorporated on our website, the thereby transmitted data and information transferred is assigned to the personal Instagram user account of the data subject and saved and processed by Instagram.
Through the Instagram component, Instagram always receives information that the data subject has visited our website, insofar as the data subject is concomitantly still logged-on to Instagram, when accessing our website; this happens regardless of whether the data subject clicks on the Instagram component or not. Insofar as the data subject does not want to transmit this information to Instagram, the latter can prevent the transmission by logging-off from his/her Instagram account before calling-up our website.
Deployment and use of Google-AdWords
The controller has incorporated Google AdWords on this website. Google AdWords is a service for Internet advertising, which allows advertisers to run both Google and Google Advertising Network search engine results. Google AdWords allows an advertiser to pre-set keywords that will exclusively only display an ad in the search engine results of Google, when the search engine retrieves a keyword-relevant search result. In the case of the Google Advertising Network, the ads are distributed across topic relevant websites based on an automated algorithm and in accordance with predetermined keywords.
The operating company of the services of Google AdWords is the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website, by displaying interest-relevant advertising on third-party websites and in the search engine results of Google’s search engine, as well as by displaying third-party advertisements in turn on our website.
Insofar as a data subject arrives on our website via a Google ad, a so-called conversion cookie will be stored on the information technology system of the data subject by Google. What cookies are, has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. Over the conversion cookie, insofar as the cookie has not yet expired, it is possible to trace whether specific webpages, such as the shopping cart of an online shop system, were called-up on our website. The conversion cookie allows both us and Google to ascertain whether a data subject, who accessed our website via an AdWords ad generated revenue, i.e. completed or aborted a shopping cart purchase.
The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are then used by us to determine the total number of users who have been mediated to us through AdWords ads, in order to determine the success or failure of each AdWords ad and to optimise our AdWords ads for the future. Neither our company nor any other advertiser of Google AdWords receives any information from Google, which could be used to identify the data subject.
The conversion cookie stores personal information, such as the websites visited by the data subject. Each time the data subject visits our website, his/her personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA, whereby Google may under given circumstances, forward such personal data collected through the technical procedure, to third parties.
The data subject can prevent the setting of cookies through our website, as shown above, at any given time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any given time via the Internet browser or other software programs.
Furthermore, the data subject has the opportunity to object to Google’s interest-based advertising. To do this, the data subject must access the link www.google.de/settings/ads over the Internet browser used by the data subject and thereby effect the desired settings.
For further details, please refer to data protection provisions of Google under the link https://www.google.de/intl/de/policies/privacy/.
Use of webfonts
Compiled over the Data Protection Platform “Datenschutz-generator.de“,
by the Lawyer Thomas Schwenk (Dr.)