Privacy Statement in Accordance with the GDP
1. Name and Address of Responsible Party
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations is:
2. Scope, Purpose, and Legal Basis of Processing Personal Data
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functioning Web site and to provide our content and services. The personal data of our users is collected and used at regular intervals only after obtaining the consent of the user. An exception is made in cases where practical grounds exist which make it impossible to obtain prior consent and where processing of the data is permitted by law.
2.1 Creation of Log Files
Each time our Internet page is called up our system automatically collects data and information from the system of the requesting computer.
During this procedure the following data (“technical information”) are collected:
This part is to be revised accordingly. Remove non-applicable data types and add missing data types.
(1) Information about the type of browser and the version in use
(2) User operating system
(3) User Internet service provider
(4) User IP address
(5) Date and time of access
(6) Web sites from which the user system has accessed our Internet page
(7) Web sites accessed by the user system via our Web site
The log files contain IP addresses or other data which can be traced to a user. This could be the case, for example, if the link to the Web site from which the user accesses the Internet page, or the link to the Web site to which the user redirects, contains personal data. These data are also stored in the log files of our system. These data are not stored together with other personal data from the user. We use this technical information for network security purposes, for example to make it possible to ward off attack, for marketing purposes, in order to better understand user requirements, and in order to improve our Web site offerings. Within these purposes lie our legitimate interest in the processing of data referred to in Article 6 Section 1 letter f of the GDPR. Collection of these data is essential to providing the Web site and storage of the data in log files is essential to operation of the Internet page. This means that the user has no possibility to objection.
In this process the following data may be transferred:
(1) Frequency and duration of page views
2.3 Contact Form
Our Internet page includes a contact form which can be used for electronic communication. If a user chooses to use this option the data entered in the message field are transferred to us and stored. These data are:
The fields marked with * are mandatory.
In addition, at the time the message is sent the following data are stored:
A list of the relevant data follows. Examples are:
(1) User IP address
(2) Date and time of registration
As part of the submittal process you are requested to grant your consent to processing of the data and reference is made to this privacy statement. Alternatively, contact can be made using the e-mail address provided. In this case the personal data of the user which are transfered with the e-mail are stored. Within this process no data is transferred to third parties. The data are used solely for the purpose of processing to the conversation. Personal data from the message field are processed solely for the purpose of handling the communication. In the case of communication via e-mail, herein also lies the necessary legitimate interest in the processing of the data. The further personal data which are processed during submittal serve to prevent abuse of the contact form and to protect the security of our information technology systems. The legal basis for the processing of the data, provided the user has granted the relevant consent, is Article 6 Section 1 letter a of the GDPR. The legal basis for the processing of the data transferred as part of e-mail transmittal is Article 6 Section 1 letter f of the GDPR. If e-mail contact is made with the aim of concluding a contract, the additional legal basis for data processing is Article 6 Section 1 letter b GDPR. The data are deleted as soon as they are no longer needed for fulfilling the purpose for which they were collected. For the personal data from the message field of the contact form and for those transmitted via e-mail, this is the case when the specific communication with the user is concluded. The communication is concluded when the circumstances lead to the conclusion that the subject in question has been duly clarified. The user has the right at any time to revoke consent to the processing of personal data effective in the future. If the user makes contact with us via e-mail the user has the right at any time to revoke consent to storage of personal data. In such a case the conversation cannot be continued. In this case all personal data stored during the communication are then deleted.
2.4 Tracking Tools
Our Web site uses the tracking and Web site analysis tool Matomo.
The purpose for this is to increase the efficiency of our Web site and direct marketing activities. These tools are operated by third parties and require the transfer of data pertaining to the visitors to the Web site. The legal basis for the use of Web analysis is Article 6 Section 1 letter f GDPR.
2.5 Social Media Plug-ins
Our Web site uses the social media plug-in Youtube. We operate our own Youtube channel to present our products and services to you. The principle provision of this channel arises from our legitimate interest for marketing purposes as referred to in Article 6 Section 1 letter f of the GDPR.
3. Legal Basis for the Processing of Personal Data
Insofar as we obtain consent from the affected persons for processing operations on personal data, Article 6 Section 1 letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For the necessary processing of personal data for fulfillment of a contract to which the affected person is a contractual partner, Article 6 Section 1 letter b of the GDPR serves as the legal basis. This also applies for processing operations required for performance of preliminary measures to fulfill a contract. Provided processing of personal data is required for the fulfillment of a legal obligation to which our company is subject, Article 6 Section 1 letter c of the GDPR serves as the legal basis. In the event that vital interests of the affected person or another natural person require the processing of personal data, Article 6 Section 1 letter d of the GDPR serves as the legal basis.
If processing is required in order to protect a legitimate interest of our company or a third party and if the interests, basic rights, and basic freedoms of the affected person do not outweigh the aforementioned interest, Article 6 Section 1 letter f of the GDPR serves as the legal basis for processing. In this case we have, in addition to the purposes named above, the legitimate interests of:
- Protecting the company from material and immaterial losses
- Professionalization of our products and services
- Cost optimization.
In addition. we process personal data in order to fulfill our obligations regarding the storage periods required under commercial or tax law. For legally prescribed or contractual requirements we have marked the relevant input fields in our message fields; these must be filled out by you so that we are able to provide the service you request.
4. Data Deletion and Storage Periods
The personal data of the affected person are deleted or blocked as soon as the purpose of storage no longer exists or storage is no longer required. This may have the result that personal data are stored during the period within which claims can be made against our company (legal periods of limitation of up to thirty years may be in force).
In addition, data may be stored in cases where this is prescribed by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Relevant obligations regarding provision of proof and regarding storage periods are derived from, among others, the commercial code, the fiscal code, and the statute on money laundering. The storage periods referred to here are up to ten years. Blocking or deletion of data also occurs on expiration of the storage period prescribed in the regulations named unless further storage of the data is required for completion or fulfillment of a contract.
5. Transfer of Personal Data to Third Parties
In order to be able to offer you our products and services on the basis of our contractual obligations or legitimate interests, it is possible that we transfer your personal data to other companies within the corporate group.
In addition, we may be legally obliged to provide personal data to German and international authorities. The legal basis of this is Article 6 Section 1 letter c of the GDPR in combination local and international regulations and agreements.
6. Right of Objection in Accordance with Article 21 DSGVO
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data pertaining to you which is performed on the basis of Article 6 Section 1 letter e or f of the GDPR; this also applies to profiling which is based on these provisions.
The responsible party no longer processes personal data pertaining to you unless he can give evidence of compelling and legitimate grounds for processing which outweigh your interests, rights, and freedoms or unless processing serves the assertion, exercising, or defense of legal claims. If the personal data pertaining to you are used for the purpose of direct marketing activities you have the right at any time to object to the processing of your personal data for such purposes; this also applies to profiling provided this is associated with such direct marketing activities. If you object to data processing for the purpose of direct marketing activities, personal data pertaining to you will no longer be processed for this purpose. You have the possibility, in connection with the use of information society services – directive 2002/58/EC notwithstanding – to exercise your right of objection by means of automated methods in which technical specifications are applied.
7. Rights of the Person Affected
For us as a company it is important to make our methods of processing personal data transparent. We therefore point out that, in addition to your right of objection, you can also exercise further rights provided the relevant legal conditions are fulfilled:
- the right of access in accordance with Article 15 of the GDPR
- the right of correction in accordance with Article 16 of the GDPR
- the right of deletion (“the right to be forgotten”) in accordance with Article 17 of the GDPR
- the right to limit processing in accordance with Article 18 of the GDPR
- the right to information in accordance with Article 19 of the GDPR
- the right to data transferability in accordance with Article 20 of the GDPR
- (no) automatic decision in individual cases including profiling in accordance with Article 21 of the GDPR
To exercise your rights you can contact firstname.lastname@example.org by e-mail. We point out that, in order to be able to process your claim and for purposes of identification, we process your data in accordance with Article 6 Section 1 letter c of the GDPR.
You have the right at any time to revoke your data protection declaration of consent for the future. Based on prior consent, revocation of your consent does not affect the lawfulness of the processing of data which occurred prior to revocation. In some cases we have the right, despite revocation, to continue processing your data on other legal bases (such as fulfillment of a contract).
9. Right to Lodge a Complaint with a Regulatory Authority
Irrespective of other administrative or legal remedies, you have the right to lodge a complaint with a regulatory authority, in particular in the member state of your residence, your workplace, or the location of the alleged violation, if you are of the opinion that the processing of the personal data pertaining to you violates the GDPR.
The regulatory authority to which the complaint is made informs the complainant as to the status and results of the complaint, including the possibility of legal remedy in accordance with Article 78 DSGVO.