1. Data protection at a glance
Data collection on this website
Who is responsible for the collection of data on this website?
How do we collect your data?
On the one hand, your data is collected if you provide us with it. For example, this could be data you enter into a contact form.
Other data is recorded by our IT systems when you visit our website, either automatically or after you have granted permission. This is predominantly technical information (for example internet browser, operating system and the time the page was requested). This information is recorded automatically as soon as you visit our website.
What do we use your data for?
Some of this data is collected in order to ensure the website is presented without errors. Other data can be used to analyse your user behaviour.
What rights do you have in respect of your data?
At all times, you have the right to receive, free of charge, information on the origin and recipient of your stored personal data, as well as on the purpose it is used for. You also have the right to demand that this data be corrected or deleted. If you have granted permission for processing of your personal data, you can revoke this permission for future effect. Furthermore, in certain circumstances you also have the right to demand that this processing of your personal data is restricted. You also have the right to lodge a complaint with the responsible regulatory authority.
In order to exercise this right, or if you have any other questions on the topic of data protection, you can contact us at any time.
Analysis tools and other third party tools
When you visit our website, your surfing behaviour can be statistically analysed. This occurs predominantly using analysis programs.
2. Hosting and content delivery networks (CDNs)
This website is hosted by an external service provider (hosting company). The personal data recorded on this website is stored on the hosting company’s servers. This includes for example IP addresses, contact enquiries, meta data and communication data, contractual data, contact details, names, web page access details and other data generated by a website.
A hosting company is used in order for us to fulfil contractual obligations to current and potential customers (Article 6 (1) (b) GDPR) and to ensure secure, fast and efficient availability of our web presence by a professional provider (Article 6 (1) (f) GDPR).
Our hosting company will only process your data insofar as required to fulfil its contractual obligations, and will follow our instructions in relation to this data.
We use the following hosting company:
Neue Medien Münnich
Conclusion of a contract for data processing
In order to ensure that data is processed in accordance with data protection laws, we have concluded a data processing contract with our hosting company.
3. General information and mandatory information
We would like to point out that transfer of data via the internet (such as for example communication by email) can be subject to security vulnerabilities. It is not possible to guarantee that this data cannot be accessed by third parties.
Information on the responsible authority
The responsible authority for this website is:
Alte Hauptstraße 77b
The responsible authority is the individual person or legal entity who, either alone or together with others, decides on the purpose of processing personal data (for example names and email addresses etc) and the method it is processed by.
Information on data transfer to the USA and other third countries
Integrated into our website are tools from businesses based in the USA or in other countries which cannot be regarded as secure third countries for the purposes of data protection. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that in these countries, there is no level of data protection comparable to that of the EU. For example, US businesses are obliged to supply personal data to security agencies, without the people affected being able to take legal proceedings against this. It therefore cannot be ruled out that US authorities (such as the security services) process and analyse your personal data found on US servers for monitoring purposes, and store it for long periods. We have no influence on these data processing activities.
Revoking your consent for data processing
Many data protection operations are only possible with your explicit consent. You can revoke previously granted permission at any time. The legality of the data processing that occurs up to the point you revoke your consent remains unaffected by this revocation.
Right to object to data collection in particular circumstances, as well as to direct marketing (Article 21 GDPR)
IF YOUR PERSONAL DATA IS USED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ALL TIMES TO LODGE AN OBJECTION TO YOUR PERSONAL DATA BEING PROCESSED FOR THE PURPOSES OF THIS TYPE OF MARKETING. THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS LINKED TO SUCH DIRECT MARKETING. IF YOU LODGE AN OBJECTION, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION AS SET OUT IN ARTICLE 21 (2) GDPR).
The right to complain to the responsible authority
In the event of a breach of the GDPR, the affected party has the right to appeal to a regulatory authority, in particular in the member state where you usually reside, in which your workplace is located or the where the suspected breach took place. This right to appeal is unaffected by any other administrative or legal remedies.
The right to data portability
You have the right to receive, or for third parties to receive, the data that we process using automated processes on the basis of your consent to do so, or for us to fulfil a contract. This must be made available in a common machine-readable format. Should you demand that the data is transferred directly to your representative, this only occurs insofar as this is technically possible.
For security reasons, and in order to protect the transmission of confidential data, such as for example orders or enquiries that you send us in our function as website owner, this website uses SSL/TLS encryption. You can recognise a secure connection by the fact that ‘https’ appears in the browser’s address bar instead of ‘http’, and by the padlock icon in your browser bar.
When SSL/TLS are activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion and correction
As part of the applicable legal regulations, you have at all times the right to free-of-charge information on your stored personal data, its source and recipient and the purpose for the data processing, and where applicable a right to have this data corrected or deleted. To exercise this right, or if you have any other questions on personal data, you can contact us at any time.
Right to restrict processing
You have the right to demand that processing of your personal data is restricted. In order to exercise this right, you can contact us at any time. You have a right to restrict processing in the following cases:
- If you dispute the accuracy of the personal data we store, we generally need time to check this. For the duration of this inspection, you have the right to demand that processing of your personal data is restricted.
- If processing of your personal data occurred/occurs illegally, you can demand that data processing is restricted rather than the data being deleted.
- If we no longer require your personal data, but if you however require it for exercising, defending or asserting legal claims, you have the right to restrict processing of your personal data rather than it being deleted.
- If you raise an objection in accordance with Article 21 (1) GDPR, consideration must be made of your interests and ours. As long as cannot be determined whose interests take precedence, you have the right to demand that processing of your personal data is restricted.
If you have placed a restriction on the processing of your personal data, this data can only be processed – apart from storing it – with your permission, or to assert, exercise or defend legal claims, to protect the rights of an individual person or legal entity or for reasons relating to an important public interest of the European Union or one of its member states.
Objection to advertising emails
We hereby object to the use of the contact details provided as part of the German legal requirement to provide a site legal notice page for the sending of unsolicited advertising and informational materials. The operator of this website expressly reserves the right to take legal action in the event that unsolicited advertising information, such as spam emails, is sent.
4. Data collection on this website
Cookies are small text files, and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or for a longer period (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
In some instances, cookies from third party business can also be stored on your end device when you visit our website (third party cookies). These enable us or you to use certain services provided by these third party companies (for example, cookies for payment processing services).
Cookies have various functions. Many cookies are necessary for technical reasons. Certain website functions (such as shopping basket functionality or the display of videos) would not work without them. Other cookies are used for analysing visitor behaviour or displaying advertising.
Unless any other legal basis is stated, cookies required in order to enable electronic communication processes (necessary cookies), or for the provision of certain functions that you desire (for example, shopping basket functionality), or for the purposes of website optimisation (such as cookies for measuring web audiences), are stored in accordance with Article 6 (1) (f) GDPR. The website owner has a legitimate interest in the storage of cookies so that our services can be provided in optimum manner and without technical errors. Provided that the appropriate consent has been granted (for example, consent to store cookies), data is processed solely on the basis of Article 6 (1) (a) GDPR. Consent can be revoked at any time.
You can set your browser so that you are informed before cookies are stored, so that you can either enable them on a case-by-case basis, decline them in certain cases or decline them altogether, or have cookies automatically deleted when you close your browser. If cookies are deactivated, this website’s functionality can be restricted.
Server log files
The provider of this website automatically collects and stores information that your browser automatically transfers to us in server log files. This information spans:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the computer accessing the website
- Time the server request was made
- IP address
This data is not merged with other data sources.
This information is collected on the basis of Article 6 (1) ( f) GDPR. The website owner has a legitimate interest in ensuring our website is presented without technical problems and in optimising it – the recording of server log files is required for this.
If you send us enquiries using the contact form, we will save the details you provide in the contact form, including the contact details you provide, for the purpose of dealing with your enquiry and for the event of any follow-up enquiries. We will not pass this data to other parties without your permission.
Processing of this data occurs on the basis of Article 6 (1) (b) GDPR, insofar as your enquiry relates to the fulfilment of a contract or is required for performing pre-contractual duties. In all remaining cases, processing occurs on the basis of our legitimate interest in being able to effectively process enquiries that are sent to us (Article 6 (1) (f) GDPR), or your consent having been granted (Article 6 (1) (a) GDPR), provided this has been requested. In all remaining cases, processing occurs on the basis of our legitimate interest in being able to effectively process enquiries that are sent to us (Article 6 (1) (f) GDPR), or your consent having been granted (Article 6 (1) (a) GDPR), provided this has been requested.
We retain the data you enter into the contact form until you ask us to delete it, revoke your consent for us to store it, or the purpose for storing the data is no longer applicable (for example, after processing of your enquiry has been completed). Mandatory legal provisions – especially those regarding data retention periods – remain unaffected.
Enquiries by email
If you contact us by email, we will store and process your enquiry, including the personal information contained within it (name, enquiry), for the purpose of dealing with your matter. We will not pass this data to other parties without your permission.
Processing of this data occurs on the basis of Article 6 (1) (b) GDPR, insofar as your enquiry relates to the fulfilment of a contract or is required for performing pre-contractual duties. In all remaining cases, processing occurs on the basis of our legitimate interest in being able to effectively process enquiries that are sent to us (Article 6 (1) (f) GDPR), or your consent having been granted (Article 6 (1) (a) GDPR), provided this has been requested.In all remaining cases, processing occurs on the basis of our legitimate interest in being able to effectively process enquiries that are sent to us (Article 6 (1) (f) GDPR), or your consent having been granted (Article 6 (1) (a) GDPR), provided this has been requested.
We retain the data you send to us as part of contact enquiries until you ask us to delete it, revoke your consent for us to store it, or the purpose for storing the data is no longer applicable (for example, after processing of your enquiry has been completed). Mandatory legal provisions – especially those regarding statutory data retention periods – remain unaffected.
5. Social media
Social media plugins
This website uses social media plugins (eg Facebook, Twitter and WhatsApp).
You can generally recognise these plugins by the use of the respective social media logos. To guarantee data protection on this website, the plugins are configured so that data collected as soon as you first visit the website is not transferred to the respective provider.
A direct connection the provider’s server is only established if you activate the respective plugin by clicking its button (granting consent). Once you activate this plugin, the respective provider receives the information that you have visited this website with your IP address. If, at the same time, you are logged into the respective social media account (for example Facebook), the respective provider can link your visit to this website to your user account.
Activation of this plugin represents consent on the basis of Article 6 (1) (a) GDPR. You can revoke this consent, with future effect, at any time.
6. Analysis tools and advertising
Matomo (formerly Piwik)
This website uses the open source website analytics service Matomo. Matomo uses technologies (such as for example cookies or device fingerprinting) that enable users to be ‘recognised’ when visiting the pages of our website, enabling us to analyse their user behaviour. The information relating to the use of our website collected by Matomo in this way is stored on our servers. The IP address is anonymised before the data is stored.
With the help of Matomo, we are able to record and analyse how visitors use our website. For example, we can see when pages are visited, and from which geographical regions visitors access our website. Furthermore, we also record various log data (for example IP address, referrers, browser and operating system used), and can measure whether visitors to our website carry out certain actions (for example clicks or purchases, among others).
Use of this analysis tool occurs on the basis of Article 6 (1) (f) GDPR. The website owner has a legitimate interest in the anonymous analysis of user behaviour, in order to optimise his or her website content and also advertising. Provided that the appropriate consent has been granted (for example, consent to store cookies), data is processed solely on the basis of Article 6 (1) (a) GDPR. Consent can be revoked at any time.
We use IP anonymisation in conjunction with these analyses using Matomo. Your IP address is shortened before it is analysed, meaning that it can no longer be linked to you.
We host Matomo with the following third party provider:
Neue Medien Münnich
Conclusion of a data processing contract
We have concluded a data processing contract with this third party provider. This guarantees that the data recorded using Matomo will only be processed according to our instructions and in compliance with the GDPR.
Source: e-recht.de (adapted and translated from German by the website owner)