DATA PROTECTION DECLARATION
I. NAME AND ADDRESS OF THE COMPANY RESPONSIBLE
The legal entity responsible in the sense of the General Data Protection Regulation and other national data protection laws in member states as well as further data protection regulations is:
Managing director: Dirk Beer
Theodor-Heuss-Straße 24 | 70174 Stuttgart
+49 711 219 55 123 | firstname.lastname@example.org
Data protection commissioner:
Mr. Herbert Wolf
+49 711 907 596 23
II. GENERAL INFORMATION ABOUT DATA PROCESSING
1. EXTENT OF PERSONAL DATA PROCESSING
In general, we collect and process personal data concerning our users only insofar as it is necessary to provide a functioning website for our contents and service as well as for advertising purposes. The collection and use of the personal data concerning our users is reviewed regularly but only with the consent of the user concerned. There is one exception in those cases where it is not possible to obtain prior consent for practical reasons and the processing of the data is allowed by legal regulations.
2. LEGAL BASIS FOR PROCESSING PERSONAL DATA
Art. 6 §1 a) of the EU-Data Protection Basic Regulations (DSGVO) serves as the legal basis for processing personal data insofar as we obtain prior consent from the person concerned for processing personal data concerning them.
Art. 6 §1 b) DSGVO serves as the legal basis when processing personal data necessary to comply with a contract to which the data subject is party. This is also true for the processing necessary for the implementation of pre-contractual measures.
Art. 6 §1 c) DSGVO serves as the legal basis should it be necessary to process person-related data to comply with legal obligations to which our company is subject.
Art. 6 §1 d) DSGVO serves as the legal basis should vital interests of the person concerned or another natural person make person-related processing necessary.
Art. 6 §1 f) DSGVO is to serve as the legal basis for the processing should the processing be necessary for the protection of a legitimate interest of our company or a third party and should the interests, civil rights and fundamental freedoms of the person concerned not outweigh the first mentioned interest.
3. DATA ERASURE AND DATA STORAGE
The personal data of the person concerned will be erased or blocked as soon as the original purpose for storing the data no longer exists. Further storage of the data may be permitted beyond that if provision has been made for this by the European Commission or national legislation in European Union regulations, laws or other requirements to which the responsible service provider is subject. The blocking or erasure of the data also occurs if the retention period covered by one of the standards already mentioned has expired unless necessity for further data storage for concluding or fulfilling a contract exists.
III. AVAILABILITY OF THE WEBSITE AND CREATION OF LOG FILES
1. DESCRIPTION AND SCOPE OF THE DATA PROCESSING
Every time our internet website is contacted, our system registers the automated data and information of the computer system of the visiting computer.
The following data will be collected on this occasion:
Information about the type of browser and the version used
The user’s operating system
The user’s IP address
The date and time of access
The data is also stored in the log files of our system. This data is not stored in connection with any other personal data of the user.
2. LEGAL BASIS FOR DATA PROCESSING
The legal basis for temporarily storing the data and the log files is Art. 6 §1 f) DSGVO.
3. PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. To do this, the user’s IP address has to be stored for the duration of the session.
The log file storage is to ensure the website functions properly. In addition, the data serves to optimise the website and to ensure the safety of our information technology systems. The data is not evaluated for marketing purposes in this connection.
For these purposes, our interest in processing the data is justified according to Art. 6 §1 f) DSGVO.
4. DURATION OF STORAGE
The data is erased as soon as the purpose for its collection has been achieved and it is no longer needed. As far as collecting the data in order to deliver the website is concerned, this is as soon as the individual session is over.
In the case of data storage in log files, this is the case after 180 days at the latest. Storing the data over and above this period is possible. In this case, the user’s IP addresses are deleted or distorted so that it is no longer possible to assign them to the client visiting the website.
5. POSSIBILITY FOR OBJECTION AND REMOVAL
The collection of data to provide access to the website and the storage of data in log files is mandatory for operating the website. Consequently the user is not able to appeal against it.
IV. Google Analytics
Our websites use Google Analytics, a web analysis service provided by Google Inc. (“Google”). The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
For this service, Google uses so-called “cookies“, that is, text files which are then stored on the user’s computer to allow his/her use of the website to be analysed. As a rule, the following information is generated by the cookie about how the website is used
type and version of browser,
operating system used,
referrer-URL (the website previously visited),
host name of the accessing computer (IP address),
time of server request,
and this is transferred to a Google server in the USA and stored there. The website also uses Google Analytics with the extension “_anonymizeIp()” so that data can only be processed anonymously. Here the IP address is shortened by the last 3 digits so that it is no longer possible to identify the IP address exactly. Only in exceptional cases is the complete IP address transferred to a Google server in the USA and shortened there.
Google uses this information on our behalf to evaluate your use of our website in order to compile reports about website activities and to provide other services in connection with the use of the website and the website activities of connected services. Google will also pass on this information where appropriate to third parties as far as this is prescribed by law or as far as third parties process this data on behalf of Google. Google will not make any connection between your IP address and any other Google data. This procedure also covers our own justified interest in the processing of personal data according to Art. 6 §1 f) DSGVO.
The data is processed on the basis of Art. 6 §1 p.1 f) DSGVO. The data is automatically erased after its statistic evaluation and within 160 days at the latest.
It is possible for you to prevent the installation and storage of cookies by making the appropriate adjustment to your browser software. However, we would like to point out that in this case you may not be able to make complete use of all of the functions provided by this website.
Furthermore, you can prevent Google’s acquisition of the cookie-generated data and the data relating to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:
As an alternative to the browser add-on, it is also possible to prevent data acquisition by Google Analytics especially from browsers in mobile devices by installing an opt-out cookie in your browser which prevents the future acquisition of your data when you visit this website. The opt-out cookie can only be used in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, then you have to re-install the opt-out cookie.
Installing Google Analytics Opt-Out Cookie
By using the website you agree to the processing of data concerning you acquired by Google in the manner described previously and for the aforementioned purpose. Further information about Google Analytics is to be found in the internet under the following link of the manufacturer Google
V. CONTACT FORM AND E-MAIL CONTACT
1. DESCRIPTION AND SCOPE OF THE DATA PROCESSING
There is a contact form on our website which can be used for contacting us electronically. If a user takes advantage of this contact form, then the data entered in the input mask will be transmitted to us and stored. In addition the following data is stored when the message is transmitted:
the IP-address of the user
the date and time it was sent
Alternatively, it is also possible to contact us by using the e-mail address provided. In this case, only the personal user data transmitted with the e-mail is stored.
In this context, no data will be passed on to a third party. The data will be only used for the further processing of the mail contact.
2. LEGAL BASIS FOR THE DATA PROCESSING
The legal basis for processing data arising when a message is transmitted to us is Art. 6 §1 f) DSGVO as well as Art. 6 §1 b) DSGVO.
3. REASON FOR THE DATA PROCESSING
Processing personal data concerning you in the input mask or e-mail serves solely to contact you and process your enquiry.
The other personal data processed when the e-mail is transmitted only serves to prevent abuse of the contact form and to ensure the safety of our information technology system and this provides the necessary justified interest for the processing of the data.
4. DURATION OF DATA STORAGE
The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. This is the case for personal data concerning you which was entered in the input mask of the contact form as well as the data transmitted by e-mail when the contact or e-mail conversation with the user is over. The conversation is then over when the circumstances indicate that the issues have been resolved.
The personal data additionally collected when the message was transmitted is erased at the latest after a period of seven days.
5. OPTION TO OBJECT AND REMOVE
The user can at any time revoke his consent to processing personal data. If the user contacts us by e-mail, he may at any time object to the storage of personal data concerning him. In such a case it is not possible to continue the e-mail conversation.
Both in this connection as well as for other questions dealing with personal data concerning them, users may contact us at any time under the address given in Paragraph 1 of this declaration or they can send a direct message to email@example.com.
In this case, all personal data stored during this contact will be erased.
VI. SOCIAL MEDIA
Via our social media pages (Facebook, Instagram, Twitter, Google+), we also provide you with extensive personal support and the ability to stay in contact with us. These social media services also collect their own personal data, for example via the profile you created there or via so-called social plug-ins which are implemented in websites of third parties.
If you send us an enquiry using one of these social media, it will be treated confidentially. The data will only be used for answering your question.
VII. REGISTRATION FUNCTION
Users can create a user account. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration will be used for the purposes of using the user account and its purpose.
Users may be informed by e-mail of information relevant to their user account, such as technical changes. If users have terminated their user account, their data will be deleted with regard to the user account, subject to a statutory retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to art. 6 para. 1 lit. c. DSGVO. The IP addresses are anonymized or deleted after 7 days at the latest.
VIII. CONTACTING US
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are used to process the contact enquiry and to process it in accordance with Art. 6 Para. 1 lit. b. of the German Data Protection Act. (within the framework of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) DSGVO processed… The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We will delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt and procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our products and information accompanying them (e.g. safety instructions), offers, promotions and our company.
Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.
Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally we ask you to enter a name in the newsletter in order to address you personally.
The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 107 Para. 2 TKG or, if consent is not required, on our legitimate interests in direct marketing pursuant to Art. 6 Para. 1 as per f. DSGVO in conjunction with § Art. 107 Par. 2 and 3 TKG.
The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves our business interests, meets users’ expectations, and allows us to provide evidence of consent.
Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.
X. NEWSLETTER – MAILCHIMP
The dispatch service provider can use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
XI. NEWSLETTER – SUCCESS MEASUREMENT
The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.
This information is used for the technical improvement of the services on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is, however, neither our endeavour nor, if used, that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled.
XII. LEGAL RIGHTS OF THE PERSON CONCERNED
When personal data concerning you is processed, you are an affected person in the sense of the DSGVO and you therefore have the following legal rights:
1. RIGHT TO INFORMATION
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
Should such processing have occurred, you can request the following information from the person responsible:
(1) The reasons why personal data is being processed;
(2) The categories of personal data which are being processed;
(3) The recipient or the categories of recipients to whom the personal data concerning you has been disclosed or is still to be disclosed;
(4) The duration of the storage planned for the personal data in question or, if definite particulars here are not available, the criteria for determining the duration of storage;
(5) The existence of a right to rectification or erasure of the personal data concerning you, a right to restrict the processing by the person responsible or a right of objection to the processing;
(6) The existence of a right to complain to a regulatory body;
(7) All available information about the origin of the data if the personal data has not been collected from the person concerned;
(8) The existence of an automatic decision-making system including profiling according to Art. 22 §1 and 4 DSGVO and – at least in these cases – convincing information about the logic involved as well as the impact and desired scope of such processing for the person concerned.
You have the right to request information about whether the personal data in question has been transmitted to a third country or an international organisation. According to Art. 46 DSGVO, in this connection you can also request suitable guarantees concerning information about the transmission.
2. RIGHT OF RECTIFICATION
You have a right to rectification and/or completion vis-à-vis the person responsible, insofar as the processed personal data concerning you is wrong or incomplete. The person responsible has to make the corrections promptly.
3. RIGHT TO RESTRICT THE PROCESSING
Under the following conditions you can request the restriction of the processing of the personal data concerning you:
(1) If you contest the accuracy of the personal data concerning you for a period which allows the person responsible to check the accuracy of the personal data;
(2) If the processing is unlawful and you refuse to have the personal data erased, but instead request the use of the personal data to be restricted;
(3) If the person responsible no longer needs the personal data for processing purposes, but you need them however for the establishment, exercise and defence of legal claims, or
(4) If you filed an objection to the processing according to Art. 21 §1 DSGVO and it has not yet been determined whether the justified reasons of the person responsible outweigh your reasons.
Should the processing of the personal data concerning you be restricted, then this data – apart from its storage – may only be processed with your permission or for the establishment, exercise and defence of legal claims or to protect the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a Member State.
Should the restriction on processing be restricted according to the above-mentioned conditions, then you would be informed by the person responsible before the restriction is lifted.
4. RIGHT TO ERASURE
a) OBLIGATION TO ERASE
From the person responsible you can demand that the personal data concerning you is erased immediately and the person responsible is obliged to erase the data immediately as long as one of the following reasons applies:
(1) The personal data referring to you is no longer needed for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent which was the basis for the processing according to Art. 6 §1 a) or Art. 9 §2 a) DSGVO and there is no other legal basis for the processing.
(3) You object to the processing according to Art. 21 §1 DSGVO and there are no overriding justifiable reasons for the processing, or you file an objection to the processing according to Art. 21 §2 DSGVO.
(4) The personal data concerning you has been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary to comply with a legal obligation according to European Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you was collected in connection with services provided by the information society according to Art. 8 §1 DSGVO.
b) INFORMATION PASSED ON TO THIRD PARTIES
If the person responsible has publicised personal data concerning you and if he is obliged to erase it according to Art. 17 §1 DSGVO, he has to take suitable measures, also technical, and taking the technology available and the costs of implementation into consideration, to inform the person responsible for the data processing that you as the person concerned demand from him the deletion of all links to this personal data or the copies or replications of this personal data.
The right to deletion does not exist as long as the processing is needed:
(1) To exercise the right to free speech and information;
(2) To comply with a legal obligation which requires the processing to be in accordance with European Union law or law of a Member State, to which the person responsible is subject, or the performance of a task in the public interest, or in the exercise of public authority vested in the person responsible;
(3) For reasons of public interest in the field of public health according to Art. 9 §2 h) and i) as well as Art. 9 §3 DSGVO;
(4) For reasons of public interest in the field of archive, scientific or historical research purposes or for statistical purposes according to Art. 89 §1 DSGVO, insofar as the right mentioned in section a) is likely to make achieving these objectives impossible or seriously compromised,
(5) Or for the establishment, exercise or defence of legal claims
5. RIGHT TO BE INFORMED
If you have exercised your rights to the rectification, erasure or restriction of data processing concerning you vis-à-vis the person responsible, he/she is obliged to inform all recipients to whom the personal data concerning you was disclosed about this rectification, erasure or restriction of the data processing, unless this should prove to be impossible or involving disproportionate efforts.
The person responsible shall have the right to be informed of such recipients.
6. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you, which had been provided by you to the person responsible, in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction from the person responsible to whom the personal data was originally given, provided that:
(1) The processing is based on consent according to Art. 6 §1 a) DSGVO or Art. 9 §2 a) DSGVO or on a contract according to Art. 6 §1 b) DSGVO; and
(2) The processing is effected by means of automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one person responsible to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.
The right of data portability is not only valid for the processing of personal data necessary for performing a task that lies in the public interest or in the exercising of public authority conferred on the person responsible.
7. RIGHT TO OBJECT
You have the right, for reasons which arise from your special situation, to object at any time on the basis of Art. 6 §1 e) or f) DSGVO to the processing of the personal data concerning you which has taken place; this is also true for a profiling which is based on these provisions.
The person responsible does not process the personal data concerning you unless he/she can establish compelling legitimate reasons for the processing which outweigh your interests, rights or freedoms, or the processing serves the establishment, exercising or defence of legal claims.
Should the personal data concerning you be processed to engage in direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this is also true for profiling, insofar as it is connected to such direct advertising.
If you object to the processing for purposes of direct advertising, then the personal data concerning you will no longer be used for these purposes.
You are also able to make use of your right of objection by means of automated procedures in connection with using the services of the information society – notwithstanding directive 2001/58/EG – where technical specifications are used.
8. RIGHT TO WITHDRAWAL OF THE DATA PROTECTION DECLARATION OF CONSENT
You have the right at any time to withdraw your data protection declaration of consent. By withdrawing your consent, the legality of the processing carried out based on your consent up to its withdrawal is not affected.
9. AUTOMATED DECISION ALSO ON A CASE-BY-CASE BASIS INCLUDING PROFILING
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which can result in a legal effect or compromise you badly in a similar way. This does not apply if the decision is:
(1) Necessary for the conclusion or fulfilment of a contract between you and the person responsible;
(2) Permissible based on the legal regulations of the European Union or the Member States to which the person responsible is subject, and these legal regulations contain suitable measures to guarantee your rights and freedoms as well as your legitimate interests; or
(3) Concluded with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 §1 DSGVO, as long as Art. 9 §2 a) or g) do not apply and suitable measures to protect your rights and freedoms as well as your justified interests are taken.
With regard to the cases mentioned in (1) and (3), the person responsible is to take suitable measures to guarantee your rights and freedoms as well as your justified interests, whereby at least the right to obtain the intervention of a person by the person responsible, to present one’s own point of view and to challenge the decision should be included.
10. RIGHT TO MAKE A COMPLAINT TO A SUPERVISORY BODY
Irrespective of any other administrative or legal remedies, you retain the right to complain to a supervisory body, especially in the Member State of your place of residence, workplace, or the place of the presumed infringement, if you are of the opinion that the processing of the personal data concerning you is an infringement of the DSGVO
The supervisory authority which accepts the complaint will inform the complainant about the status and results of the complaint including the possibility of legal action according to Art. 78 DSGVO.
VIII. USING COOKIES
a) Description and scope of the data processing
In this way, the following data can be transmitted:
Search terms entered
Frequency of visits to website
b) Legal basis for the data processing
The legal basis for the processing of personal data using cookies for analytic purposes is the existence of the user’s consent concerning this matter according to Art. 6 §1 a) DSGVO.
c) Reason for processing the data
The reason for using analysis cookies is to improve the quality of our website and its contents. By using analysis cookies, we can find out how the website is used and thus continually optimise what we offer.
d) Duration of storage; Objection and removal possibility
Other cookies are stored on the user’s computer and transferred from it to our website. Most of the cookies used by us are so-called “session cookies”. They are automatically deleted at the end of the session. The storage period of the further analysis cookies is 2 years.
As a user you also have complete control of how the cookies are used. By altering the settings in your internet browser you can deactivate or restrict the transference of cookies. Cookies already stored there can be deleted at any time. This can be done automatically. If you deactivate the cookies for our website, then it is possible that you may not be able to use all the website functions to their fullest extent.