DATA PRIVACY NOTICE
I. Information on the Collection of Personal Data
1. Personal data
Below we will inform you of how we collect personal data when you use our website. Personal data means any data that can be attributed to you personally, e.g. name, address, email address, user behaviour.
2. Controller within the meaning of the GDPR
The controller according to Art. 4 para. 7 of the EU General Data Protection Act (GDPR) is
Fon : 06157 986380
(also see our Imprint).
You can contact our Data Protection Officer at firstname.lastname@example.org “Data Protection Officer”.
3. Notes on contacting us
When you contact us by email or via the contact form, we save the data provided by you (your email address and, if applicable, your name and your phone number) in order to answer your query. We delete the data in question when it no longer needs to be stored, or we restrict processing to comply with legal storage requirements that may apply.
4. External service providers
If we use commissioned service providers for individual functions of our offer, or if we wish to use your data for advertising purposes, you are informed of the relevant processes in detail below. This also includes stating the criteria determining the storage period.
5. SSL and TLS encryption
This website uses an SSL or TLS encryption for security reasons and to protect the transfer of confidential contents, such as orders and requests which you send to us as the website provider. You can identify an encrypted connection because the browser’s address line changes from “http://” to “https://” and a lock symbol is displayed in your browser line.
II. General Data Processing Information
1. Scope of processing personal data
We generally only process our users’ personal data to the extent that this is required to provide a functioning website and our contents and services. Our users’ personal data is generally only processed after the users have consented. An exception applies in cases in which it is not possible to obtain prior consent for practical reasons when processing the data is permitted by legal provisions.
2. Principles for processing personal data
To the extent that we obtain the data subject’s consent to process the personal data, our legal basis for processing personal data is provided in Art. 6 para.1 a) GDPR.
Our legal basis for processing personal data required for contract performance where the data subject is the contracting party is Art. 6 para. 1 b) GDPR. This also applies to processing procedures required to implement measures prior to entering into a contract.
If processing of personal data is required to meet a legal obligation, to which our company is subject, Art. 6 para. 1 c) GDPR serves as the legal basis.
To the extent that the data subject’s vital interests or those of a different natural person require us to process personal data, our legal basis for processing personal data is Art. 6 para. 1 d) GDPR.
If processing is required to protect a legitimate interest of our company or a third party, and this is not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 f) GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject is deleted and blocked as soon as the purpose of the storage ceases to apply. In addition, the personal data may be stored if this is required under the ordinances, laws, and other regulations issued by the European or national legislators, to which the controller is subject. The data is also blocked or deleted if a storage period stipulated by the above standards expires, except where the data is required to be stored further to conclude a contract or for contract performance.
4. Transfer of data when concluding a contract for services and digital contents
We only transfer personal data to third parties if this is required in the context of contract processing, e.g. to the financial institution tasked with processing the payment.
No further data transfers take place, or only if you explicitly consent to such a transfer. Your personal data is not transmitted to third parties, e.g. for advertising purposes, without your explicit consent.
The basis for data processing is Art. 6 para. 1 b) GDPR, which permits data processing for contract performance or for measures prior to concluding a contract.
III. Website Provision and Creation of Logfiles
1. Description and scope of data processing
Whenever you access our website, our system automatically records data and information from the accessing computer’s system.
The following data is collected:
Information about the browser type and version used
The data is also saved in our system’s logfiles. The data is not combined with other personal user data.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and logfiles is Art. 6 para. 1 f) GDPR.
3. Purpose of data processing
The system must temporarily save the IP address in order to be able to provide the website to the user’s computer. To this end, the user’s IP address must be saved for the duration of the session.
The information is saved in logfiles in order to ensure that the website is fully functional. In addition, we use the data to optimise the website and protect the security of our IT systems. In this context, we do not use the data for marketing purposes.
These purposes also constitute our legitimate interest in the data processing according to Art. 6 para. 1 f) GDPR.
4. Storage period
The data is deleted once it is no longer required to fulfil the purpose of the collection. If the data is collected to provide the website, this is the case when the respective session ends.
If the data is stored in logfiles, this is the case at the latest within seven days. Further storage is possible. In this case, the user’s IP addresses are deleted or anonymised so that they can no longer be attributed to the calling client.
5. Right to object and erase
Data collection to provide the website and storage of the data in logfiles are essential for running the website. The user therefore does not have the right to object.
1. Description and scope of data processing
Technical features are used to pseudonymise the user data collected in this way. Thus, the data cannot be attributed to the accessing user. The data is not saved together with any other of the data subject’s personal data.
When the user visits our website, an information banner informs the user that cookies will be used for analytical purposes, and a link to this Data Privacy Statement is provided. In this context, information is also provided on how to prevent cookies from being saved by changing the browser settings.
2. Legal basis for data processing
The legal basis for processing personal data using cookies is Art. 6 para. 1 f) GDPR.
3. Purpose of data processing
The purpose of using technically required cookies is to simplify the user’s use of the website. Some functions of our website cannot be offered without using cookies. These make it necessary to be able to identify the accessing browser after switching to a different page.
The user data collected by technically required cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its contents. The analysis cookies help us to find out how the website is used, thereby enabling us to continuously optimise our offer.
These purposes also constitute our legitimate interest in processing the personal data according to Art. 6 para. 1 f) GDPR.
Section VIII below provides details of the analysis services used.
4. Duration of storage, opportunity to object and erase
Cookies are saved on the user’s computer which returns them to us. This means that you as the user are fully in control of how cookies are used. By changing the settings in your browser, you can disable or restrict the transfer of cookies. Any stored cookies can be deleted at any time. This can also be automated. If cookies for our website are disabled, you may no longer be able to use all the functions of our website in full.
This website uses the following types of cookies whose scope and functionality are explained below:
Transient cookies (see a)
Persistent cookies (see b).
- a) Transient cookies are deleted automatically when you close your browser. In particular, this includes session cookies. These save a so-called session ID which can be used to allocate different requests from your browser to the joint session. In this way, your computer is recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a specified duration which can vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
1. Description and scope of data processing
If you buy goods or services from us, and save your email address, we may use this to send you our newsletter. In this case, the newsletter is only used for direct advertising for our own similar goods or services.
The newsletter is distributed by the service provider MailChimp (see Section V.6 below). The data is not passed on to third parties beyond that.
2. Legal basis for data processing
The legal basis for sending the newsletter after a purchase of goods or services is Art. 7 para. 3 of the Act Against Unfair Competition (UWG).
3. Purpose of data processing
The user’s email address is saved in order to be able to deliver the newsletter.
4. Storage period
The data is deleted once it is no longer required to fulfil the purpose of the collection. The user’s email address is thus stored for as long as the newsletter subscription is active.
5. Right to object and erase
The respective user can cancel the newsletter subscription at any time. A relevant link is provided in each newsletter.
6. Use of MailChimp
We use the services of MailChimp to deliver newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service which can be used, for example, to organise and analyse the sending of newsletters. If you enter data to receive the newsletter (e.g. email address), these are saved on the MailChimp servers in the USA.
MailChimp is certified under the “EU-US Privacy Shield”. The “Privacy Shield” is a treaty agreed between the European Union (EU) and the USA that aims to ensure compliance with the European data protection standards in the USA.
MailChimp helps us in analysing our newsletter campaigns. If you open an email sent by MailChimp, a file contained in the email (a so-called web beacon) connects to the MailChimp servers in the USA. This makes it possible to determine whether a newsletter email was opened and, if applicable, what links were clicked. In addition, technical information is recorded (e.g. access time, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is exclusively used for the statistical analysis of newsletter campaigns. The results of the analyses can be used to better adapt future newsletters to the recipient’s interests
You must unsubscribe from the newsletter if you do not wish to be analysed by MailChimp. A relevant link will be provided in every newsletter email for this purpose. Moreover, you can also unsubscribe from the newsletter directly on the website.
The data is processed based on your consent (Art. 6 para.1 a) GDPR). You may revoke your approval at any time by unsubscribing from the newsletter. The revocation shall not affect the legality of past data processing.
We will save the data stored with us for the purpose of sending the newsletter until you unsubscribe from the newsletter; the data will be deleted from our servers and from the MailChimp servers after you unsubscribe from the newsletter. This shall not affect data saved for other purposes (e.g. email addresses for the member area).
For more details, please refer to the MailChimp Data Privacy Statement at: https://mailchimp.com/legal/terms/.
Concluding a data processing agreement
VI. Application Process
We collect, process and use your personal data as part of processing applications. Your application data sent by email is transferred directly to HR where it is of course treated confidentially. Suitable technical and organisational measures ensure that your personal data is treated in accordance with legal provisions – confidentiality and security take precedence. Please note that the data is sent by email without encryption, and that the data may be read or even falsified by unauthorised parties. You are free to send us your documents by postal mail instead.
After the application process ends, however at the latest after 6 months, your personal data is deleted automatically, unless you explicitly consent to it being saved for a longer period.
The data is processed based on our legitimate interest according to Art. 6 para. 1 f) GDPR.
VII. Rights of the Data Subject
If your personal data is processed, you are the data subject within the meaning of GDPR, and you have the following rights in relation to the controller:
1. Right to information
You have the right to obtain confirmation as to whether or not we are processing personal data related to you.
If such processing applies, you can demand the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipient or categories of recipients to whom the personal data related to you was or will be disclosed;
(4) the planned storage period for the personal data related to you or, if specific details are not available, the criteria for determining the storage period;
(5) whether a right applies to rectification or erasure of the personal data related to you, a right exists for restricting processing by the controller, or whether a right exists to object to such processing;
(6) whether a right exists to lodge a complaint with a supervisory authority;
(7) all information available about the origin of the data if the personal data is not collected from the data subject;
(8) whether automatic decision-making, including profiling, is used according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to demand information about whether the personal data related to you is sent to a third country or to an international organisation. In this context, you can demand to be informed of suitable guarantees under Art. 46 GDPR as they pertain to the transfer.
2. Right to rectification
You have the right to demand rectification and/or completion from the controller to the extent that the processed personal data related to you is incorrect or incomplete. The controller must make the correction immediately.
3. Right to restriction of processing
Under the following conditions, you can demand a restriction of processing of the personal data related to you:
(1) if you dispute the correctness of the personal data related to you for a term which allows the controller to check the correctness of the data;
(2) processing is unlawful and you reject deletion of the personal data and instead demand that use of the personal data shall be restricted
(3) the controller no longer requires the personal data for processing purposes, but you require this for asserting, exercising or defending legal claims, or
(4) you have objected to the processing according to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
If processing of the personal data related to you has been restricted, the data may only – except for being stored – be processed with your consent or for asserting, exercising or defending legal claims, or to protect the rights of a different natural or legal person, or for reasons which constitute an important public interest of the Union or a Member State.
If processing was restricted under the above conditions, the controller will inform you before the restriction is lifted.
4. Right to erasure
- a) Obligation to erase
You can demand that the controller deletes the personal data related to you without delay; the controller is obligated to delete the data immediately if one of the following reasons applies:
(1) The personal data related to you is no longer required for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on which the processing according to Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR was based, and there is no other sufficient legal basis for the processing.
(3) You object to the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Art. 21 para. 2 GDPR.
(4) The personal data related to you is processed unlawfully.
(5) Deletion of the personal data related to you is required to meet a legal obligation under a Union or Member State law to which the controller is subject.
(6) The personal data related to you is collected in relation to information society services offered under Art. 8 para. 1 GDPR.
- b) Information to third parties
Where the controller has made the personal data related to you public and is obligated under Art. 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure of all links, copies or replications of such personal data by the controllers.
- c) Exceptions
The right to erasure shall not apply to the extent that the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by the Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in exercising the official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 h) and i), as well as Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for asserting, exercising or defending legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing to the controller, the latter is obligated to communicate the correction or erasure of the data or of the restriction of processing to each recipient to whom the personal data related to you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right in relation to the controller to be notified of these recipients.
6. Right to data portability
You have the right to receive the personal data related to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as
(1) the processing is based on consent pursuant to Art. 6 para. 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 b) GDPR, and
(2) the processing is carried with help from automated procedures.
In exercising this right, you furthermore have the right to have the personal data related to you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data related to you which is based on Art. 6 para. 1 e) or f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data related to you unless the controller documents compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for asserting, exercising or defending legal claims
Where personal data related to you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data related to you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Should you object to processing for direct marketing purposes, the personal data related to you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to revoke your granting of consent under data protection law
You may revoke your consent under data protection law at any time. If you withdraw your consent, this does not affect the lawfulness of the processing before you withdrew your consent.
9. Automated case-by-case decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects related to you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by the Union or Member State law to which the controller is subject and which also sets forth suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which shall at least include the right to obtain human intervention on the part of the controller, to express the own point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority concerning the processing of your personal data by us. The supervisory authority responsible for us is: Der Hessische Landesbeauftragte, Gustav-Stresemann-Ring 1, Tel.: 0611 1408-0, Fax: 0611 408-900 or -901, Email: email@example.com
VIII. Analysis Tools and Advertising
1. Google Analytics
Our website uses Google Analytics, a web analysis services by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this context, pseudonymised user profiles are created and cookies (see Section IV.) are used. The information regarding your use of this website, which is created by the cookie, such as
operating system used,
referrer URL (page visited previously),
host name of the accessing computer (anonymised IP address),
server request time
is sent to a Google server in the USA and saved there. The information is used to analyse use of the website, to compile website activity reports and to provide additional services relating to website and internet use for market research purposes and to tailor this website to user needs. This information may also be passed to third parties to the extent that this is a legal requirement or if third parties are commissioned to process these data. Google will not collate your IP address with any other data held by Google. IP addresses are anonymised so that they cannot be allocated (IP masking).
You can prevent cookies from being installed by setting the browser software accordingly; however, we would like to point out that in such a case, you may be unable to fully use all functions of this website.
Google Analytics is used in the interest of optimising and ensuring a needs-based design of our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR.
In addition, you can prevent the data created by the cookie and related to the use of the website (incl. your IP-address) from being recorded and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile end devices, you can also prevent storage by Google Analytics by clicking the following link: Disable Google Analytics. This adds an opt-out cookie which prevents your data from being recorded during future visits to this website. The opt-out cookie only applies to this browser and only for our website, and it is saved on your device. If you delete the cookies in this browser, this also results in the need to reset the opt-out cookie.
For more information on data protection in the context of Google Analytics, see the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
Demographic features for Google Analytics
This website uses the Google Analytics function “demographics features”. This can be used to write reports which contain details about the age, gender and interests of the website users. This data comes from the interest-based Google advertising and from visitor data from third-party providers. Such data cannot be assigned directly to a specific person. You can disable this function at any time via your display settings in your Google account or generally prevent recording of your data by Google Analytics as described under “Objection to data collection”.
Click the lower button to turn off Google Analytics tracking.
IX. Plugins und Tools
1. Google Maps
This website uses the map service Google Maps via an API. This is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps functions, your IP address must be saved. This information is normally sent to a Google server in the USA and saved there. The provider of this website cannot influence this data transfer.
Google Maps is used in the interest of ensuring that our online offer is presented attractively and that the sites shown on our website can be easily found. This is a legitimate interest within the meaning of Art 6 para. 1 f) GDPR.
For more information about how Google processes your data, see the Google Privacy Statement: https://www.google.de/intl/de/policies/privacy/.
2. Google Web Fonts
This website uses so-called web fonts provided by Google to ensure that fonts are displayed consistently. When you access a website, your browser loads the required web fonts to your browser cache to display texts and fonts correctly.
For this purpose, the browser used by you must establish a connection with the Google servers. This provides Google with information that our website was accessed by your IP address. Google web fonts are used in the interest of enabling a consistent and attractive presentation of our online offers. This is a legitimate interest within the meaning of Art 6 para. 1 f) GDPR.
If your browser does not support web fonts, your computer uses a standard font.
For more information on Google Web Fonts, see https://developers.google.com/fonts/faq and the Google privacy statement at: https://www.google.com/policies/privacy/.
Date of the Data Privacy Statement: 29 June 2018