We attach a great deal of importance to protecting your personal data. Personal data processing therefore takes place in compliance with the applicable European and national legislation.
You may naturally revoke your declaration(s) of consent at any time with effect for the future. Please contact the controller according to § 1 to do so.
The following policy provides an overview of what type of data is collected, how it is used and disclosed, what security measures we take to protect your data, and how you can obtain information about the information we gather.
Legal basis for personal data processing
Insofar as we obtain the data subject’s consent to process their personal data, Art. 6, Para. 1, Clause 1, lit. a) of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis.
In the event of personal data which is necessary to fulfilling a contract, the contracting party for which is the data subject, being processed, Art. 6, Para. 1, Clause 1, lit. b) of the GDPR shall apply as the legal basis. This also applies to processing which is required to carry out pre-contractual measures.
If personal data needs to be processed to fulfil a legal obligation to which we are subject, Art. 6, Para. 1, Clause 1, lit. c) of the GDPR shall apply as the legal basis.
If processing is necessary to protecting a legitimate interest on the part of our company or a third party, and if the data subject’s interests, fundamental rights and fundamental freedoms do not take precedence over the former interest, Art. 6, Para. 1, Clause 1, lit. f) of the GDPR shall apply as the legal basis for processing.
Deletion of data and duration of storage
The data subject’s personal data shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also take place if this was stipulated by the European or national legislator in Union regulations, legislation or other specifications to which we are subject. Blocking or deletion of the data also takes place if a storage period stipulated by the aforementioned standards elapses, unless the data must be stored for longer to conclude or fulfil a contract.
§ 1 The controller and the data protection officer
(1) Name and address of the controller
The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:
(2) Name and address of the data protection officer
The controller’s data protection officer is:
Dieter Grohmann | AKWISO Datenschutz & Audit
Deutschland | Germany
Phone +49 831 5124 7030
§ 2 Definitions
a) Personal data means all information which relates to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified either directly or indirectly, particularly by means of assignment to an identifier such as a name, to an ID number, to location data, to an online ID or to one or several particular features which are an expression of this natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.
b) Data subject means any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
c) Processing means any listed operation carried out with or without the help of automated methods or any such series of operations associated with personal data such as collection, recording, organisation, arrangement, storage, adaptation or modification, reading, querying, use, disclosure through transfer, dissemination or provision in another way, comparison or linking, restriction, deletion or destruction.
d) Profiling means any kind of automated personal data processing which is characterised by the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, and particularly to analyse or predict aspects concerning job performance, economic situation, health, personal preferences, interests reliability, behaviour, location or movements.
e) Pseudonymisation means personal data processing in such a way that the personal data can no longer be assigned to a specific data subject without the help of additional information, provided that this additional information is stored separately and subject to technical and organisational measures which guarantee that the personal data cannot be assigned to an identified or identifiable natural person.
f) Controller, or controller responsible for processing means the natural or legal person, authority, establishment or other body which, either alone or together with others, decides on the purposes and means of personal data processing. If the purposes and means of such processing are stipulated by Union or member state law, the controller and the specific criteria of their appointment may be provided for under Union or member state law.
g) Processor means a natural or legal person, authority, establishment or other body which processes personal data on the controller’s behalf.
h) Recipient means a natural or legal person, authority, establishment or other body to whom personal data is disclosed, regardless of whether or not it is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or member state law are not considered to be recipients.
i) Third party means a natural or legal person, authority, establishment or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
j) Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a declaration or another clear and affirmative act, by which the data subject signifies agreement to the processing of the personal data concerning them.
§ 3 Providing the website and creating log files
(1) When you are merely using the website for information purposes, i.e. if you do not register or otherwise transfer information to us, each time our website is accessed we automatically collect the following data and information from the accessing computer’s computer system:
a) Date and time of access
b) Content of hits (specific pages)
c) The names of downloaded files
d) The user’s IP address
e) Information about the browser type and the version used
f) The language and version of the browser software
g) The amount of data transferred
The data is also stored in our system’s log files. This data is not stored together with other personal data belonging to the user.
(2) The legal basis for the temporary storage of the log files is Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.
(3) The temporary storage of the IP address by the system is necessary to
a) enable delivery of the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
b) optimise the contents of our website and advertising for the same
c) guarantee the functionality of our IT systems and our website’s technology
d) provide law enforcement authorities with necessary information in the event of a cyber attack
Storage in log files is carried out to guarantee the functionality of the website. Additionally, we also use the data to optimise the website and to ensure the security of our IT systems. Evaluation of data for marketing purposes does not take place in this regard.
In these purposes, we also have a legitimate interest in data processing according to Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.
(4) The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected – in this case, when the usage process ends.
If data is stored in log files, this is done seven days afterwards at the latest. Extended storage is possible. In this case, the IP addresses are deleted or anonymised so that they can no longer be allocated to the accessing client.
(5) Data must be recorded under all circumstances to provide the website and store the data in log files for the purpose of operating the website, which is why there is no opportunity to object.
(1) This website uses “cookies”. Cookies are small text files which, as soon as you visit a website, are sent to your browser by a web server and are saved locally on your terminal device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and allow the user (i.e. us) to receive certain information. Cookies are used to make the website more customer-friendly and secure, and particularly to collect usage-related information such as frequency of use and the number of page visitors, as well as website activity. Cookies do not damage the computer in any way and do not contain any viruses.
This cookie contains a characteristic character string (“cookie ID”), which enables unique identification of the browser the next time the website is called up.
- Language settings
- Session information
- Login information
The legal basis for personal data processing using cookies is Art. 6, Para. 1, Clause 1, lit. f) of the GDPR.
We need cookies for the following applications:
- Application of language settings
- Adoption of login information
The user data collected by technically necessary cookies is not used to create user profiles.
§ 5 Disclosure of data to third parties
(1) Links to external web pages
§ 6 Contact form and email contact
(1) On our website, there is a contact form which can be used to contact us electronically. If you use this option, the data entered in the input screen shall be transferred to us and stored. This data includes:
- First name
- Street, no.
- P.O. box
- Town / city
- Telephone number
- Email address
The following data is also stored when the message is sent:
- The user’s IP address
- Date and time
Alternatively, you can also contact us on the email address provided. In this case, the personal data which is transferred with the email is stored.
If this information relates to communication channels (e.g. your email address or telephone number), you are also consenting to the fact that we may, if necessary, contact you using these communication channels to respond to your request.
Your data shall not be disclosed to third parties in this regard. The data is only used for processing the conversation.
(2) The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, Clause 1, lit. a) of the GDPR. The legal basis for processing data transferred in the course of sending an email is Art. 6, Para. 1, Clause 1, lit. f) of the GDPR. If you have contacted us by email with the aim of concluding a contract, Art. 6, Para. 1, Clause 1, lit. b) of the GDPR forms an additional legal basis.
(3) We only process personal data from the input screen to process the contact request. We shall naturally only use the data from your email enquiry for the purpose for which you are providing it during such contact. If the user makes contact by email, there is also a required legitimate interest in data processing when we reply. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
(4) The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form’s input screen and the data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified. The personal data also collected during the sending process is deleted after a period of seven days at the latest.
(5) You have the opportunity to revoke your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. The conversation cannot be continued in a case such as this. With regard to revocation of consent / objection to storage, we ask that you contact the controller or the data protection officer according to § 1 by email or post. All personal data stored during the course of contact is deleted in this case.
§ 7 Google Analytics
(1) On our website, we use the service provided by Google Inc. (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyse our users’ surfing behaviour. The software sets a cookie on your computer (see (4) for information about cookies). If individual pages of our website are viewed, the following data is stored:
- Two bytes of the IP address of the user’s accessing system
- The web page viewed
- Entry pages, exit pages
- The time spent on the website and the cancellation rate
- The frequency of visits to the website
- The country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
- Search engines and search terms used
(2) The information generated by the cookie about the users’ use of this website shall generally be transmitted to and stored on a Google server in the USA.
(3) The legal basis for personal data processing is Art. 6 (1), sentence 1 (a) of the GDPR. For the exceptional situations where personal data is transmitted to the USA, Google has subjected itself to the EU/US Privacy Shield Agreement: https://www.privacyshield.gov/EU-US-Framework.
(4) Google shall use this information on our behalf to evaluate your use of the website and to compile reports on website activities. Evaluation of the obtained data allows us to compile information about the use of our website’s individual components. This helps us to constantly improve our website and its user-friendliness.
(5) The data shall be deleted as soon as it is no longer required for the purposes that it was collected for. In our case, this is after 14 months.
(7) If you visit our website using your mobile device, you can also object to the use of Google Analytics here by deactivating Google Analytics ce following link: Deactivate Google Analytics. In this case, a cookie that tells Google to stop tracking is set in your browser.
(9) According to Art. 13 and Art. 14 of the GDPR, we hereby inform you that we collect your data and process it in the course of further processing. You hereby agree to the disclosure of your personal data. Of course, according to Art. 15 of the GDPR, you have a right of access at any time to confirm our processing activities, a right of rectification (Art. 16 of the GDPR), a right of erasure (Art. 17 of the GDPR) and a right to restriction of processing (Art. 18 of the GDPR).
You shall be notified of your personal data being rectified or erased, or of processing of your data being restricted, on request according to Art. 19 of the GDPR. Furthermore, you can request that data be transmitted to another controller at any time under the conditions set down in Art. 20 of the GDPR. You also have the right to object at any time to the processing of personal data concerning you according to Art. 21 of the GDPR by emailing at email@example.com.
§ 8 Integration of Google Maps
(1) Our website uses the services of Google Maps. This allows us to display interactive maps on our website and permits you convenient usage of the map function.
(2) When you visit the website, Google receives the information that you have accessed the respective sub page of our website. In addition, the data listed under § 7 of this statement is transmitted. This is the case irrespective of whether or not you have a Google user account and are logged into it. If you are logged into a Google account, your data is associated directly with your account. If you do not wish for your data to be associated with your Google profile, log out before activating the button. Google saves your data as usage profiles and uses it for the purposes of promotion, market research and/or tailoring its website to the users' needs. In particular, this evaluation is conducted (even for users not logged into a user account) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, but in order to exercise this right, you will have to contact Google.
(3) For further information on the purpose and extent of data collection and processing thereof by the plug-in provider, refer to the provider's data privacy statement. It also contains information on your associated rights and setting options to protect your privacy: https://www.google.de/intl/en/policies/privacy . Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
§ 9 Rights of the data subject
If personal data about you is processed, you are the data subject under the terms of the GDPR, and you are entitled to the following rights vis-à-vis the controller:
- Right of access
- Right to correction
- Right to restriction of processing
- Right to deletion
- Right to information
- Right to data portability
- Right to object to processing
- Right to revocation of consent under data protection legislation
- Right to not be subject to automated decision-making
- Right to lodge complaints with a supervisory authority
1. Right of access
(1) You can request confirmation of whether personal data concerning you is processed by us from the controller. If such
processing takes place, you may request free information about the personal data stored about you and about the following from the controller:
a) The purposes for which the personal data is being processed;
b) The categories of personal data which are processed;
c) The recipients or categories of recipients to whom the personal data concerning you was or shall be disclosed;
d) The planned duration of storage of the personal data concerning you or, if specific information cannot be provided on this matter, criteria for defining the duration of storage;
e) The existence of a right to correct or delete the personal data concerning you, a right to restrict processing by the controller, and a right to object to such processing;
f) The existence of a right to lodge a complaint with a supervisory authority;
g) All of the available information about the origin of the data, if the personal data was not collected from the data subject;
h) The existence of automated decision-making, including profiling according to Art. 22, Paras. 1 and 4 of the GDPR, and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(2) You are entitled to the right to request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards according to Art. 46 of the GDPR in connection with such transfer.
2. Right to correction
You have a right to immediate correction and/or completion vis-à-vis the controller, provided that the processed personal data concerning you is incorrect or incomplete.
3. Right to restriction of processing
(1) You can request from the controller that processing of the personal data concerning you be immediately restricted under the following conditions:
a) If you dispute the accuracy of the personal data concerning you for a duration that enables the controller to check the accuracy of the personal data;
b) If processing is unlawful and you refuse deletion of the personal data and instead request restriction of your personal data’s use;
c) The controller no longer needs the personal data for the purposes of processing, but you require the same to establish, exercise or defend legal claims; or
d) If you have objected to processing according to Art. 21, Para. 1 of the GDPR and it has not yet been determined whether the controller’s legitimate grounds take precedence over your grounds.
(2) If processing of the personal data concerning you is restricted, such data may – with the exception of storage – only be processed with your consent, for the establishment, exercise or defence of legal claims, for the protection of rights of another natural or legal person, or for reasons of important public interest of the Union or of a member state. If restriction of processing was not carried out according to the aforementioned conditions, you shall be informed by the controller before the restriction is removed.
4. Right to deletion
(1) You can ask the controller to immediately delete the relevant personal data if one of the following grounds apply:
a) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
b) You revoke your consent on which processing according to Art. 6, Para. 1, lit. a) or Art. 9, Para. 2, lit. a) of the GDPR was based, and there are no other legal grounds for processing.
c) You object to processing according to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing, or you object to processing according to Art. 21, Para. 2 of the GDPR.
d) The personal data concerning you was processed unlawfully.
e) Deletion of the personal data concerning you is required to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject.
f) The personal data concerning you was collected in relation to the offer of information society services according to Art. 8, Para. 1 of the GDPR.
(2) If the controller has made the personal data concerning you public and is obligated to delete the same according to Art. 17, Para. 1 of the GDPR, taking account of the available technology and the associated implementation costs the controller shall take appropriate measures, including those of a technical nature, to inform other controllers processing the personal data that you as the data subject have requested the deletion of all links to this personal data or to copies or replications of the same.
(3) The right to deletion does not exist insofar as processing is required
a) to exercise the right to freedom of expression and information;
b) to fulfil a legal obligation which requires processing according to Union or member state law to which the controller is subject, to perform a task carried out in the public interest, or to exercise official authority vested in the controller;
c) for reasons of public interest in the area of public health according to Art. 9, Para. 2, lit. h) and i), as well as Art. 9, Para. 3 of the GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to Art. 89, Para. 1 of the GDPR, insofar as the right mentioned under a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
e) for the establishment, exercise or defence of legal claims.
5. Right to information
If you have asserted your right to correction, deletion or restriction of processing vis-à-vis the controller, the controller is obligated to inform all the recipients to whom the personal data concerning you was disclosed of this correction or deletion of data or of the restriction of processing, unless doing so proves to be impossible or would involve a disproportionate effort. You are entitled to receive information about these recipients from the controller.
6. Right to data portability
(1) You have the right to receive the respective personal data which you provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, insofar as
a) processing is based on consent according to Art. 6, Para. 1, lit. a) of the GDPR or Art. 9, Para. 2, lit. a) of the GDPR or on a contract according to Art. 6, Para. 1, lit. b) of the GDPR; and
b) processing is carried out by automated means.
(2) In exercising this right, you further have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.
(3) The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) With regard to asserting the right to data portability, the data subject can contact the controller responsible for processing at any time.
7. Right of objection
(1) You have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1, lit. e) or f) of the GDPR; this also applies to profiling based on these provisions.
(2) The controller shall no longer process the personal data concerning you unless they can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.
(3) If the personal data concerning you is processed for the purpose of carrying out direct advertising, you have the right at any time to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising. If you object to processing for the purposes of direct advertising, the personal data concerning you shall no longer be processed for these purposes.
(4) In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you can exercise your right of objection by automated means where technical specifications are used.
(5) To exercise the right of objection, the data subject can contact the controller responsible for processing.
8. Right to revocation of your declaration of consent under data protection legislation
You have the right to revoke your declaration of consent under data protection legislation at any time. Revocation of consent does not affect the lawfulness of processing carried out based on consent up until the same is revoked. You can contact the controller for this purpose.
9. Automated decision on a case-by-case basis, including profiling
(1) You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has legal implications for you or significantly affects you in another way. This does not apply if the decision
a) is required to conclude or fulfil a contract between you and the controller;
b) is permissible based on Union or member state legislation to which the controller is subject, and this legislation contains appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
c) is made with your express consent.
(2) However, these decisions may not be based on specific categories of personal data according to Art. 9, Para. 1 of the GDPR, insofar as Art. 9, Para. 2, lit. a) or g) of the GDPR does not apply and appropriate measures were taken to protect rights and freedoms as well as your legitimate interests.
(3) With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect rights and freedoms as well as your legitimate interests, which at least includes the controller’s right to request someone’s intervention, present their own point of view and contest the decision.
(4) If the data subject would like to assert rights in relation to automated decision-making, they can contact the controller for data processing concerning this matter at any time.
10. Right to lodge complaints with a supervisory authority
Regardless of another administrative or judicial legal remedy, you have the right to lodge complaints with a supervisory authority, particularly in the member state where your place of residence, your workplace or the place of the suspected violation is located if you believe that the processing of the personal data concerning you is in violation of the GDPR. The supervisory authority with whom the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility to appeal according to Art. 78 of the GDPR.