This Data Protection Statement clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within this online offer (hereinafter referred to as "online offer"). Regarding the terminology used, for example, "processing" or "controller", reference is made to the definitions in art. 4 of the General Data Protection Regulation (GDPR).
Personal data (for example, names, addresses);
Contact data (for example, email, phone numbers);
Content data (for example, texts, photos, videos);
Metadata / transmission data (for example, device information, IP addresses).
Providing the online offer, its functions and content;
Response to contact requests and communication with users;
"Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
According to Art. 13 GDPR, we inform you about the legal basis of data processing. If the legal basis is not mentioned in the Data Protection Statement, the following applies: the legal basis for obtaining the consent is Art. 6 paragraph (1) lit. (a) and Art. 7 GDPR, the legal basis for processing in order to perform our services and implement contractual measures, as well as to answer questions is Art. 6 paragraph (1) lit. (b) GDPR, the legal basis for processing in order to fulfill the legal obligations is Art. 6 paragraph (1) lit. (c) the GDPR and the legal basis for processing in order to protect our legitimate interests is Art. 6 paragraph (1) lit. (f) GDPR. In case the vital interests of the data subject or of another natural person require data processing, Art. 6 paragraph (1) lit. (d) GDPR serves as a legal basis.
Please be informed on a regular basis about the content of our Data Protection Statement. We will adapt the Data Protection Statement as soon as the changes in the data processing carried out by us will make this necessary. We will inform you as soon as the changes require a reaction from you (for example, consent) or other individual notification.
If we disclose data to other persons and companies (processors or third parties) as part of our data processing, transfer them to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (for exammple if the data is transmitted to third parties, as to payment service providers, in accordance with Art. 6 paragraph (1) lit. (b) GDPR for the fulfillment of the contract), you have consented, a legal obligation provides this or on the basis of our legitimate interests (for example, when cooperating with agents, web hosting providers etc.).
If we engage third parties to process data on the basis of a so-called "Data Processing Agreement", this is done on the basis of Art. 28 GDPR.
Data will not be transferred to third countries (i.e. outside the European Union (EU) or the European Economic Area (EEA)).
You have the right to request confirmation as to whether the data concerning yourself is processed, the right to obtain additional information about the data, as well as a copy of the data, in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion or correction of incorrect data concerning yourself.
According to Art. 17 GDPR, you have the right to request the immediate deletion of the data concerning yourself, alternatively, in accordance with Art. 18 GDPR, you have the right to request a restriction on their processing.
You have the right to request that the data concerning yourself, that you have provided to us, be transmitted to you in accordance with Art. 20 GDPR and request their transmission to other controllers.
You also have the right, according to Art. 77 GDPR, to lodge a complaint with the responsible supervisory authority.
You have the right to withdraw your consent, in accordance with Art. 7 paragraph (3) GDPR, with effect for the future.
You have the right to object at any time to the future processing of your data, in accordance with Art. 21 GDPR. The objection can especially be made against processing for direct marketing purposes.
The data processed by us are deleted in accordance with Art. 17 and 18 GDPR or their processing is restricted. Unless otherwise expressly stated in this Data Protection Statement, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflicht with any statutory retention requirements. If the data are not erased, because they are necessary for other purposes and are legally allowed, their processing will be restricted. The data will be blocked and will not be processed for other purposes. This applies, for example, to data being kept for commercial or fiscal reasons.
According to the legal requirements in Germany, storage is carried out especially for 6 years in accordance with § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, commercial letters, booking receipts etc.) and for 10 years in accordance with § 147 paragraph 1 AO (registries, records , management reports, booking documents, commercial and business letters, documents that are relevant for taxation etc.).
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.
We or our web hosting provider process personal data, contact data, content data, contract data, usage data, metadata and transmission data for customers, interested parties and visitors of this online offer, based on our legitimate interests in the efficient and safe delivering of this online offer, in accordance with. Art. 6 paragraph (1) lit. (f) GDPR in conjunction with Art. 28 GDPR (concluding of a Data Processing Agreement).
Based on our legitimate interests within the meaning of Art. 6 paragraph (1) lit. (f) GDPR, we or our web hosting provider collect data about each access to the server on which this service is located (the so-called log files). Access data include the name of the web page accessed, file, date and time of the access, amount of data transferred, notification of access, name, type, version and preferred languages of the browser, name of the user's operating system, referrer URL (the address of the previously visited page), IP address and the name of the visitor's internet provider.
For security reasons (for example, investigation of abuse or fraud), log files information is stored for up to 7 days and then will be deleted. Data whose additional storage is required for the purpose of delivering legal evidence are excluded from deletion until the final clarification of the incident.
When you contact us (for example, using the contact form, email, telephone or through social networks), the information provided by the user is processed in accordance with Art. 6 paragraph (1) lit. (b), in order to edit the contact request and to respond to it. The information provided by the users can be stored in a Customer Relationship Management System (CRM) or in a similar system.
Informations from requests will be deleted when they are no longer needed. We check the necessity every two years. Also, the statutory retention obligations apply.