I. General information
1. Scope of application
This data protection declaration applies to all business relationships with customers and suppliers, rental and lease relationships, employment relationships and all other business relationships.
The declarations also apply to pre-contractual or business-like relationships.
The European Union has regulated the rights and obligations of data subjects and companies collecting data in the Basic Data Protection Regulation (EU-DSGVO). Affected persons are all persons from whom personal data is collected.
According to Art. 13, 14 EU-DSGVO, collecting companies are obliged to provide information on the scope of the data collected, the processing of this data and the rights of the data subjects.
3. Scope of data collected
Depending on the type of business relationship, the amount of data collected may vary considerably. Personal data is all data that can be personally related to the person concerned. Personal data generally includes: name, address, contact data, bank details, date of birth, but also any other data that may be collected.
4. Data sources
Primary data sources are direct data of the data subject in the context of correspondence, telephone calls or personal conversations. Depending on the type, this can be extended by further research, in particular in telephone directories, or by payment transactions.
1. Data protection officer
The contact details of the data protection officer are as follows:
2. Complaints Office
A supervisory authority is available for potential infringements. The supervisory authority responsible for the person concerned is determined by his or her place of residence. A list of the supervisory authorities can be found at: http://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The collection and processing of personal data is carried out to implement the contract with the person concerned as well as for pre-contractual measures and to maintain the business relationship with the person concerned.
The data collected is required for correspondence with business partners and for processing the respective business relationship. The lawfulness of the collection follows from Art. 6 para. 1 EU-DSGVO, in particular from Art. 6 para. 1 lit. b) EU-DSGVO.
In principle, the data is stored and processed for the duration of the business relationship. In addition, data can also be stored for a longer period of time if this is justified to protect business interests. Data may be stored for at least 6 years, in particular to comply with legal and statutory retention periods.
4. Protective devices
Current technical measures for the protection of personal data are maintained. These measures are continuously adapted to the state of the art by estimating the concrete risk situation.
IV. Automated decision-making
For the conclusion or performance of the contract between the data subject and the controller, automated processing is necessary in some areas in order to evaluate certain personal aspects relating to the data subject. This is particularly the case when ordering services via a special online portal. In these areas, programmed systems use personal data to decide whether services can be offered or not. The place of performance/place of residence is decisive.
According to Art. 15 EU-DSGVO, data subjects may at any time request information about the scope of data stored about them.
2. Deletion, correction and limitation
Data subjects may request the deletion of their data under the conditions set out in Art. 17 EU-DSGVO, the correction of their data under the conditions set out in Art. 16 EU-DSGVO and the restriction of the processing of their data under Art. 18 EU-DSGVO.
3. Data transmission
According to Art. 20 EU-DSGVO, persons concerned have the right to data transmission to another company, insofar as this is technically possible at all and trade secrets remain unaffected.
4. Revocation of declaration of consent
Where the processing of personal data is based on the consent given by the data subjects, the data subjects shall have the right to withdraw such consent at any time. The revocation of consent shall not affect the lawfulness of the processing of personal data on the basis of consent until revocation.
VI. Transmission to third parties, order processing
As a matter of principle, personal data will only be passed on to third parties in compliance with the statutory provisions. The transfer of personal data to contract processors used by the responsible person (Art. 28 EU-DSGVO) for the purpose specified in Point III. 1. is permissible.
VII. Collection of personal data when visiting the website
If the websites are used merely for information purposes without registration and without the transmission of other information by the person concerned, only personal data transmitted from the browser to the server will be collected. If the data subject wishes to view the websites, the following data, which are technically necessary for the responsible person to display the websites and to ensure stability and security, will be collected (legal basis is Art. 6 Para. 1 S.1 lit. f DSGVO):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Contents of the request (concrete page)
– Access status/HTTP status code
– amount of data transferred in each case
– Website from which the request originates
– Operating system and its interface
– Language and version of the browser software.
(1) In addition to the aforementioned data, cookies are stored on the computer of the person concerned when the website is used. Cookies are small text files that are stored on the hard drive of the browser used by the person concerned and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transmit viruses to the computer of the person concerned. They serve to make the website more user-friendly and effective.
(2) The Websites use the following types of cookies, the scope and function of which are explained below:
– Transient cookies (see a.)
– Persistent cookies (see b.).
a) Transient cookies are automatically deleted when the browser is closed. These include in particular session cookies. They store a so-called session ID, which can be used to assign various browser queries to the joint session. This enables the computer of the person concerned to be recognised when he or she returns to the website. The session cookies are deleted when the person concerned logs out or closes the browser.
b) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The person concerned can delete the cookies at any time in the security settings of their browser.
c) The person concerned can configure his/her browser settings according to his/her wishes and, for example, reject the acceptance of third-party cookies or all cookies. So-called “Third Party Cookies” are cookies set by a third party, therefore not by the actual website you are currently on. Disabling cookies may prevent you from using all the features of the site.
d) Cookies are used to identify the data subject for subsequent visits if the data subject has an account with the responsible person. Otherwise, you will have to log in again for each visit.
e) Furthermore, HTML5 storage objects are used that are stored on the mobile device of the person concerned. These objects store the required data independently of the browser used by the person concerned and do not have an automatic expiration date. The person concerned can prevent the use of HTML5 storage objects by using private mode in their browser. It is also recommended to delete cookies and the browser history manually on a regular basis.
Further functions and offers of the websites
(1) In addition to the purely informational use of the websites, various services are offered which the person concerned can use if interested. For this purpose, the data subject must generally provide further personal data which are used to provide the respective service and to which the aforementioned data processing principles apply.
(2) External service providers are sometimes used to process personal data. These have been carefully selected and commissioned, are bound by the instructions of the collecting company and are checked regularly.
(3) Furthermore, the personal data may be passed on to third parties if the collecting company offers participation in promotions, competitions, the conclusion of contracts or similar services together with partners. The person concerned will receive more detailed information on this when providing his/her personal data or in the description of the offer.
(4) Insofar as the commissioned service providers or partners are based in a country outside the European Economic Area (EEA), the person concerned will be informed of the consequences of this circumstance in the description of the offer.
Use of our web shop
(1) If the person concerned wishes to order in the web shop, it is necessary for the conclusion of the contract that he/she provides his/her personal data which is required for the processing of his/her order. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. The data provided by the person concerned will be processed for the processing of his/her order. For this purpose, their payment data can be passed on to the house bank of the collecting company. The legal basis for this is Art. 6 Para. 1 lit. b) DSGVO. The person concerned can voluntarily create a customer account through which the collecting company can store their data for later further purchases. When creating an account under “My Account”, the data provided by the person concerned will be stored revocably. All other data, including the user account, can always be deleted by the person concerned in the customer area.
(2) The collecting company is obliged by commercial and tax law to store address, payment and order data for a period of ten years. However, after two years the processing will be restricted in such a way that the data will only be used to comply with legal obligations.
(3) To prevent unauthorised access by third parties to personal data, in particular financial data, the ordering process is encrypted using TLS technology.
Data protection regulations for the use of external payment service providers
(1) The collecting company offers several payment methods for the use of the web shop and in doing so uses different payment service providers. Depending on the payment method chosen by the person concerned, different data will be transmitted to the respective payment service provider. The legal basis for the transfer is Art. 6 Para. 1 lit. a) DSGVO. The payment service providers in question are listed below.
If the person concerned chooses the PayPal payment method, the personal data will be transferred to PayPal. The prerequisite for using PayPal is the opening of a PayPal account. When a PayPal account is used or opened, its name, address, telephone number and e-mail address must be transmitted to PayPal. The legal basis for the transfer of data is Article 6 para. 1 lit. a) DSGVO (consent) and Article 6 para. 1 lit. b) DSGVO (processing for the fulfilment of a contract).
Operator of the payment service PayPal is the:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
(1) With their consent, the data subject may subscribe to the newsletter of the company collecting the data, with which the data subject is informed about current interesting offers. The advertised goods and services are specified in the declaration of consent.
(2) The double opt-in procedure is used to register for the newsletter. This means that after registration by the person concerned, an e-mail is sent to the e-mail address provided in which the person concerned is asked to confirm that he or she wishes the newsletter to be sent. If the person concerned does not confirm their registration within 24 hours, their information will be blocked and automatically deleted after one month. In addition, the IP addresses used and the times of registration and confirmation are stored. The purpose of the procedure is to provide proof of registration and, if necessary, to clarify any possible misuse of personal data.
(3) The e-mail address of the person concerned is the only mandatory information for sending the newsletter. The indication of further, specially marked data is voluntary and is used to address the person concerned personally. After their confirmation, their e-mail address will be stored for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 lit. a) DSGVO.
(4) The person concerned can revoke his/her consent to the sending of the newsletter at any time and cancel the newsletter. The person concerned can declare his or her revocation by clicking on the link provided in every newsletter e-mail, using this form on the website, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details given in the imprint.
(5) The collecting company informs the person concerned that his or her user behaviour will be evaluated when the newsletter is sent. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on the website. For evaluation purposes, the data specified in Section VII and the web beacons are linked to the e-mail address and an individual ID. The data is collected exclusively under pseudonyms, i.e. the IDs are not linked to any other personal data and direct personal references are excluded. The person concerned can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing the collecting company of another contact method. The information is stored as long as the person concerned has subscribed to the newsletter. After a cancellation, the data is stored purely statistically and anonymously.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on the user’s computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, the IP address of the person concerned will be shortened by Google in advance within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating website usage, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage.
(2) The IP address transmitted by the browser of the person concerned as part of Google Analytics is not combined with other data from Google.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed further in shortened form, thus excluding the possibility of personal references. If the data collected about the person concerned is related to a person, this is excluded immediately and the personal data is deleted immediately.
(5) The collecting company uses Google Analytics to analyse and regularly improve the use of its website. The company can use the statistics obtained to improve its offer and make it more interesting for the person concerned as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f DSGVO.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows conducted through a User ID. The person concerned can deactivate the cross-device analysis of their use in their customer account under “My data”, “Personal data”.
Use of Google Fonts
The collecting company uses Google Fonts. When using Google Fonts, a font is downloaded from a Google server. However, information is also sent from the browser to the Google server, which presumably stores it.
Use of social media plug-ins
(1) The collecting company currently uses the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr]. It uses the so-called two-click solution. This means that if the person concerned visits the website of the company collecting the data, no personal data will initially be passed on to the providers of the plug-ins. The person concerned recognizes the provider of the plug-in by the mark on the box above his initial letter or the logo. The person concerned is given the opportunity to communicate directly with the provider of the plug-in via the button. Only if the person concerned clicks on the marked field and thereby activates it does the plug-in provider receive the information that the person concerned has called up the corresponding website of the online service. In addition, the data mentioned under point VII of this declaration will be transmitted. In the case of Facebook and Xing, the IP address is made anonymous immediately after collection, according to information provided by the respective providers in Germany. By activating the plug-in, personal data is transferred from the person concerned to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects the data in particular via cookies, it is recommended to delete all cookies via the security settings of the affected person’s browser before clicking on the grayed-out box.
(2) The collecting company has no influence on the collected data and data processing procedures, nor is the collecting company aware of the full scope of data collection, the purposes of processing or the storage periods. Likewise, no information is available to the collecting company on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about the person concerned as usage profiles and uses these for the purposes of advertising, market research and/or the design of its website to meet demand. Such an evaluation is carried out in particular (also for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about the activities of the person concerned on the website of the company collecting the data. The person concerned is entitled to object to the creation of these user profiles, whereby the person concerned must contact the respective plug-in provider to exercise this right. The plug-ins enable the data subject to interact with the social networks and other users, so that the collecting company can improve its offer and make it more interesting for the data subject as a user. The legal basis for the use of plug-ins is Art. 6 para. 1 sentence 1 lit. f DSGVO.
(4) Data shall be passed on irrespective of whether the person concerned has an account with the plug-in provider and is logged in there. If the person concerned is logged on to the plug-in provider, the data collected will be assigned directly to his/her existing account with the plug-in provider. If the person concerned clicks the activated button and, for example, links the page, the plug-in provider also stores this information in their user account and communicates it publicly to their contacts. It is recommended to log out regularly after using a social network, but especially before activating the button, as this allows the person concerned to avoid being assigned to their profile by the plug-in provider.
(5) The person concerned receives further information on the purpose and scope of data collection and processing by the plug-in provider in the data protection declarations of these providers provided below. They will also receive further information on their rights in this regard and setting options to protect their privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hanover, Germany; https://t3n.de/store/page/datenschutz.
f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
g) Flattr Network Ltd., with its registered office at 2nd Floor, White Bear Yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr.com/privacy.
Integration of Google Maps
(1) On this website the offer of Google Maps is used. This allows the person concerned to view interactive maps directly on the website and enables the person concerned to conveniently use the map function.
(2) By visiting the website, Google receives the information that the person concerned has accessed the corresponding subpage of our website. In addition, the data referred to in Section VII of this declaration will be transmitted. This takes place regardless of whether Google provides a user account that the person concerned is logged on to or whether there is no user account. If the data subject is logged in to Google, their data will be directly associated with their account. If the data subject does not want their profile to be associated with Google, they must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or for tailoring its website to suit your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about their activities on the website of the company collecting the data. The person concerned has the right to object to the creation of these user profiles, and must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of the provider. There he also receives further information on his rights in this regard and setting options for the protection of his privacy: http://www.google.de/intl/de/policies/privacy. Google also processes the personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The aforementioned provisions shall apply mutatis mutandis to corresponding successor products and technologies.
Version: May 2018