This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, e.g. our social media profile (collectively referred to as “online offering”).
With regard to the terminology used, e.g. “processing” or “responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
+49 176 34336604
Types of data processed:
- Inventory data (e.g., names, addresses).
- Contact information (e.g. e-mail, telephone numbers).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta / communication data (e.g. device information, IP addresses).
Categories of persons affected
Visitors and users of the online offering (In the following, we refer collectively to data subjects as “users”).
Purpose of the processing
- Providing the online offer, its functions and content.
- Responding to contact requests and communicating with users.
- Security measures
means information that identifies an identified person or an identifiable natural person (hereinafter referred to as “data subject”); a natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or with one or more particular characteristics, are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
means any process carried out with or without the aid of automated procedures or any such process involving personal data. The term covers a wide range and covers practically any handling of data.
means the processing of personal data in such a way that the personal data can no longer be attributed to a specific person without additional information, provided that such additional information is kept separate and is subject to technical and organizational measures that the personal data is not attributed to an identified or identifiable natural person.
means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to that natural person’s performance at work, economic situation, health, personal preferences interests, reliability, behaviour, location or site.
means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data
means a natural or legal person, public authority, agency or body that processes personal data on behalf of the Controller.
Relevant legal basis
In accordance with Art. 32 GDPR, we take into account the state of the art, the implementation costs and the nature of the scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as its access, input, disclosure, availability and segregation. We also have procedures in place to ensure data subject rights, data deletion, and data vulnerability. In addition, we consider the protection of personal data as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings (Article 25 of the GDPR)
Cooperation with subcontractors and third parties
If, in the course of our processing, we disclose, transfer or otherwise grant access to data to other persons and companies (contract processors or third parties), this will only be done on the basis of a legal permission (e.g. if a transfer of data to third parties, e.g. payment service providers, in accordance with Art. 6 (1) lit. b DSGVO, which are necessary for the performance of the contract), you have consented to a legal obligation or due to our legitimate interests (e.g. the use of agents, web hosts, etc.).
Insofar as we commission third parties with the processing of data on the basis of a so-called “data processing contract”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in connection with the use of third-party services or the disclosure or transfer of data to third parties, this is only done if it is to fulfill our (pre)contractual obligations based on your consent, on a legal obligation or for legitimate interests. Subject to legal or contractual authorizations, we process or handle data in a third country only under the specific conditions of Art. 44 et seq. DSGVO. That processing, for example, on the basis of specific guarantees, such as the officially recognized level of data protection (e.g., for the USA by the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
- You have the right to request confirmation as to whether such data is being processed and to obtain information about such data and to obtain further information and copying of the data accordingly. 15 GDPR.
- Accordingly, you have. Art. 16 GDPR the right to request that the data concerning you be completed or that the incorrect data concerning you be corrected.
- According to art. 17 DPA, you have the right to request that the relevant data be deleted without undue delay, or alternatively a restriction of the processing of data according to art. 18 DPA.
- You have the right to request that the data concerning you that you have provided to us, in accordance with Art. 20 GDPR and request its transfer to other data controllers.
- You have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 DSGVO.
Right of withdrawal
You have the right to revoke consent with effect for the future in accordance with Article 7 (3) of the DSGVO.
Right to object
You may, in accordance with the provisions of Article 21 of the GDPR object at any time. The objection can be raised in particular against processing for direct marketing purposes.
Cookies and right to object to direct mail
“Cookies” are small files that are stored on users’ computers. Various information can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online site. Temporary cookies or “session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, for example, the content of a shopping cart in an online store or a login status is stored. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser is closed. Thus, for example, the login status is stored when users revisit it after a few days. Likewise, such a cookie can store the interests of users, which are used for reach measurements or marketing purposes. A “third-party cookie” refers to cookies offered by providers other than the person responsible for the online offer (otherwise, cookies are referred to only as “first-party cookies”).
Deletion of data
We delete requests when they are no longer needed. We review the need every two years; In addition, the legal archiving obligations apply.
Hosting and emailing,
The hosting services we use are intended to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, e-mail delivery, security services and technical maintenance services We use for the purpose of operating this online service.
Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with. Art. 28 DSGVO (conclusion of contract)
Sammlung von Zugriffsdaten und Protokolldateien
We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.