Name and contact of the data processor according to Section 4(7) GDPR.
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal data provided by you and protect it from unauthorised access. For this reason, we apply utmost diligence and state-of-the-art security standards to ensure the
protection of your personal data. As a private company, we are subject to theprovisions of the European General Data Protection Regulation (GDPR) and the provisions of the Federal Data Protection Act (BDSG). We have taken technical
and organisational measures to ensure to ensure that the provision on data protection are complied with by us as well as by our external service providers.
The law demands that personal data be processed in a lawful manner, in good faith and in a manner that is transparent for the data subject (“lawfulness, processing in good faith, transparency”). To ensure this we inform you about the
individual legal definitions as they are used in the Privacy Statement:
Personal data “Personal data” is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”); a natural person is considered to be identifiable if the person can be identified, directly or indirectly, especially by means of attribution to an identifier such as a name, to an
identification number, to an online identifier or to one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.Processing “Processing” means any action or set of actions that is performed on personal data or sets of data, whether automated or not, e.g. the collection, registration, organisation, arrangement, storage, adjustment or change, reading, querying, using, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.Restriction of processing Restriction of processing means the marking of stored personal data in order to restrict its processing in the future.Profiling Profiling means any automated processing of personal data that uses this personal data to evaluate certain personal aspects relating to a natural person, especially to analyse or predict aspects of work performance, economic situation, health, personal preferences, interests, reliability, conduct, place of residence or change
of location of this natural person.Pseudonymisation Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without bringing in additional information if this additional information is kept separately and is subject to technical and organisational measures, which ensure that the personal data cannot be attributed to an identified or identifiable natural person.File sytem “File system” refers to any structured collection of personal data that is accessible according to specific
criteria, regardless of whether the collection is centralised, decentralised or managed according to functional or geographical aspects.Data Controller“Data controller” refers to any natural or legal person, authority, institution or other body that decides, alone or jointly with others, on the purpose and method of processing personal data; if the purpose and method of processing are prescribed by EU law or by the law of the Member States, the data controller or the specific criteria of their designation may be provided for in EU law or in the law of the Member States.Processor A “processor” is the natural or legal person, public authority or other body that processes data on behalf of the controller.Recipient A “recipient” is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that receive personal data in the context of a specific investigation mandate under EU law or the law of the Member States are not deemed recipients. Processing of this data by the aforementioned authorities is done in compliance with applicable data protection provisions according to the purpose of the processing.Third party A “third party” is a natural or legal person, public authority, institution or other body that is not the data subject, the controller, the processor; and those persons who are authorised, under the direct responsibility of the controller or the processor, to process the personal data.Consent“Consent” is any informed, unambiguous and freely given permission by the data subject for the specific case in the form of a declaration or any other unambiguous affirmative action by which the data
subject agrees to have the personal data relating to him or her processed.
The processing of personal data is only legitimate when a legal basis for the processing is in place. Under Section 6(1) lit. a–f GDPR, the following in particular can constitute the legal basis for the processing:
The data subject has given his/her consent to the processing of the personal data concerning him/her for one or more specific purposes;the processing is required for executing a contract of which the data subject is a party or for the implementation of pre-contractual measures that are taken at the request of the data subject;the processing is required to fulfil a legal obligation the controller must comply with;the processing is required in order to protect vital interests of the data subject or another natural person;the processing is required for the exercise of a task that is in the public interest or is due to a public authority that was assigned to the controller;processing is required to protect legitimate interests of the controller or a third party unless the interests or fundamental rights and liberties of the data subject, which require the protection of personal data, outweigh them; especially if the data subject is a child.
Information on the collection of personal data
(1) In the following, we provide information on the collection of personal data when using our website. Personal data are, for example, name, address, e-mail addresses, user behaviour.
(2) When contacting us by e-mail or using a contact form, the data provided by you (your e-mail address; your name and telephone number, if necessary) are stored by us in order to answer your questions. Any data incurred in this context is deleted by us after the storage is no longer
necessary; or processing is restricted if legal retention obligations exist.
Collection of personal data when you visit our website
If you use our website merely for information purposes, i.e. if you don’t register or provide us with information in any other way, we collect only the personal data that your browser transmits to us. If you want to look at our website, we collect the following data that is technically necessary in order to show you the website and guarantee its stability and security (legal basis:
Section 6 page 1 lit f GDPR):
- IP address
- Date and time of access
- Time zone difference from the Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Respective data volume transmitted
- Website from which the request comes
- Operating system and its user interface
- Language and version of the browser software.
(1) In addition to the aforementioned data, cookies are stored on your computer when you visit our website. Cookies are small text files that are allocated to the browser used by you and stored on your hard disk; placing the cookie makes certain information available to the site that places it. Cookies cannot execute programs or transmit viruses to your computer. They only serve to make the website more user-friendly and efficient. (2) This website uses the following types of cookies, whose scope and functionality will be explained in the following:
- Transient cookies (Item a.)
- Persistent cookies (Item b.).
- Transient cookies are deleted automatically when you close your browser. They include, in particular, session cookies. These session cookies store a so-called session ID with which various requests from your browser can be
attributed to the joint session. With this, your computer is recognised when you visit our website again. The session cookies are deleted when you log out or close your browser.
- Persistent cookies are deleted automatically after a specified period, which differs from cookie to cookie. You can delete the cookies in the security settings of your browser at any time.
- You can configure the browser settings according to your wishes and reject,for example, the acceptance of third-party cookies or of all cookies. So-called “third-party cookies” are cookies that were used by a third party, i.e. not by the actual website you are visiting. We would like to point out to you that you might not be able to use all the features of this website when you disable cookies.
Other features and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this, you usually have to provide additional personal data that we use to render the respective service and to which the aforementioned data processing principles apply. (2) In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us; they are bound by our instructions and are regularly checked. (3) Furthermore, we may disclose your personal data to third parties, if the participation in promotions, raffles, contracts or similar services are offered by us together with partners. You will receive further information on this when you provide your personal data or in the description of the offer below. (4) Inasmuch as our service providers or partners have their registered office outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer.
Our offer is exclusively aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the approval of their parents or legal guardians.
Rights of the data subject
(1) Revocation of consent Inasmuch as the processing of the personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until revocation. You can contact us at any time to exercise your right to revocation.
(2) Right to confirmationYou have the right to ask the data controller for a confirmation as to whether we process personal data concerning you. You can ask for this confirmation at any time using the aforementioned contact details.
(3) Right to information If personal data is processed, you have the right to request information about this personal data as well as the following information at any time:
- the processing purposes;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular recipients in third countries or at international organisations;
- if possible, the planned period for which the personal data is stored, or, if this is not possible, the criteria for the determination of this storage period;
- the existence of a right to rectification or erasure of personal data concerning him/her; of the right to restriction of processing by the controller; of a right to an objection to this processing;;
- the existence of a right to file a complaint with a supervisory authority;
- if the personal data is not collected from the data subject: all available information about the origin of the data;
- the existence of an automated decision-making process, including profiling, according to Section 22 (1, 4) GDPR, and – at least in these cases – meaningful information on the logic involved as well as the scope and desired impact of such processing for the data subject.
If personal data is transmitted to a third country or an international organisation, you have the right to be informed of the appropriate guarantees under Article 46 GDPR in the context of the transmission. We provide a copy of the personal data that is the subject of the processing. For all other copies that you request, we are entitled to charge a reasonable fee based on the administrative costs. If you submit your request electronically, the information must be made available in a standard electronic format, unless otherwise stated. The right to receive a copy in accordance with Item (3) shall not impact the rights and freedoms of other persons.
(4) Right to correction You have the right to demand from us the immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to demand the
completion of incomplete personal data, also by means of a supplementary declaration.
(5) Right to deletion (“right to be forgotten”) You have the right to demand from the data controller the immediate deletion of personal data concerning you; and we are obligated to delete personal data immediately if one of the following reasons applies:
- The personal data is no longer needed for the purposes for which it was collected or processed in any other way.
- The data subject withdraws his/her consent on which the processing in accordance with Section 6(1) lit. a or Section 9(2) lit. a GDPR was based, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Section 21(1) GDPR, and there are no overriding legitimate reasons for the processing; or the data subject objects to the processing in accordance with Section 21(2) GDPR.
- The personal data has been processed unlawfully.
- The erasure of the personal data is required to meet a legal obligation under EU law or the law of the Member States with which the controller must comply.
- The personal data was collected in terms of offered information society services pursuant to Section 8(1) GDPR.
In the event that the data controller has made public the personal data and he is obligated under paragraph 1 to delete it, the data controller shall take appropriate actions – taking in due consideration the available technology and the costs of implementation – including technical ones in order to inform the persons responsible for data processing, who process the personal data, that you as a data subject have requested the deletion of all links to this personal data
or any copies and replications of this personal data. The right to deletion (“right to be forgotten) does not apply if processing is required:
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation that requires processing in accordance with the law of the Union or the Member States; or for the exercise of a task that is in the public interest or due to a public authority that was assigned to the data controller;
- on grounds of public interest in the field of public health, pursuant to Section 9(2) lit. h and i as well as Section 9(3) GDPR;
- for archiving purposes that are in the public interest; for purposes of scholarly or historical research; or for statistical purposes pursuant to Section 89(1) GDPR to the extent that the right specified in the first
paragraph would make the achievement of these goals impossible or would
seriously impair it; or
- for the assertion, exercise or defence of legal claims.
(6) Right to restriction of processing You have the right to require us to restrict the processing of your personal data if one of the following prerequisites applies:
- The data subject disputes the accuracy of the personal data, namely for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject rejects the deletion of the personal data and, instead, demands a restriction of the use of the personal data.
- The data controller no longer needs the personal data for purposes of processing but the data subject needs it to assert, exercise or defend legal claims.
- The data subject has filed an objection to the processing according to Section 21(1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If the processing was restricted in accordance with the aforementioned prerequisites, this personal data – apart from its storage – is allowed to be processed only with the consent of the data subject or for the assertion, exercise or defence of legal claims; or for the protection of the rights of another natural or legal person; or for other reasons associated with an important interest of the Union or a Member State. In order to assert the right to restriction of processing, the data subject can contact us at any time using the contact details given above.
(7) Right to data portabilityYou have the right to receive the data provided to us in a structured, common and machine-readable format; and you have the right to transfer this data to another data controller without interference from the original data controller to whom the data was provided that:
- the processing is based on consent according to Section 6(1) lit. a or Section 9(2) lit. a or on a contract in accordance with Section 6(1) lit. b of the GDPR; and
- the processing uses automated procedures.
In exercising the right to data portability according to paragraph 1, you are also entitled to seek that the personal data concerning you is transmitted directly from one data controller to another data controller, insofar as this is technically feasible. Exercising the right to data portability does not affect the right to deletion (“right to be forgotten”). This right does not apply to any processing that is required for the exercise of a task that is in the public interest or is due to a public authority that was assigned to the data controller.
(8) Right to objection For reasons that arise from your specific situation, you have the right to object to the processing of the personal data concerning you that is carried out on the basis of Section 6(1) lit. e or f GDPR; this also applies to any profiling based on these provisions. The data controller shall no longer process the personal data unless he can give proof of reasons worthy of protection for the processing that outweigh the interests, rights and liberties of the data subject; or if the processing serves for the assertion, exercise or defence of legal claims. If the personal data is processed for direct advertising, you are entitled at any time to object to the processing of the personal data concerning you for such advertising purposes; this also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for purposes of direct advertising, the personal data will no longer be processed for these purposes. Regardless of Directive 2002/58/EC, you are entitled, in the context of the use of information society services, to exercise your right to objection by way of automated procedures for which technical specifications are used. You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you for scholarly or historical research purposes or for statistical purposes within the meaning of Section 89(1) GDPR, unless such processing is necessary for the fulfilment of a task in the public interest. You
can exercise the right to objection at any time by contacting the respective data controller.
(9) Automated decisions in individual cases, including profiling You havethe right not to be subject to a decision that is solely based on automated processing – including profiling – and is legally effective with respect to you or significantly affects you in a similar way. This does not apply if the decision
- is required for the conclusion or execution of a contract between the data subject and the data controller;
- is permitted based on the statutory provisions of the Union or the Member States with which the data controller must comply, and these statutory provisions contain appropriate measures for the protection of the rights and
iberties as well as legitimate interests of the data subject; or
- is made with the express consent of the data subject.
The data controller shall take appropriate actions in order to protect the rights and liberties as well as legitimate interests of the data subject; this includes, at a minimum, the right to seek the intervention of a person on the part of the data controller; the right to present your own standpoint; and the right to dispute the decision. The data subject can exercise the right to objection at any time by contacting the respective data controller.
(10) Right to file a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, the data subject also has the right to file a complaint with a supervisory authority, in particular in the Member State of his/her residence, place of work or location of the alleged violation, if the data subject is of the opinion that the processing of the personal data concerning you violates this Regulation.
(11) Right to effective judicial remedy
Without prejudice to any administrative or out-of-court judicial remedy, including the right to file a complaint with a supervisory authority under Section 77 GDPR,the data subject has the right to an effective judicial
remedy if he/she is of the opinion that his her rights to which he/she is entitled on the basis of this Regulation have been violated due to a processing of their personal data that is not in accordance with this Regulation.
Use of Google Analytics
(1) This website uses the “Google Analytics” Web analysis service by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie concerning the usage of this website by you is transmitted to a server of Google in the United States and stored there. When the IP anonymisation is activated on this website, your IP address will be abbreviated by Google within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services to the website operator that are associated with the use of the website and the Internet. (2) The IP address transmitted from your browser through Google Analytics will not be merged with other data of Google. (3) You can prevent the installation of the cookies by selecting the appropriate setting on your browser software; we would like to make you aware of the fact that in this case it is possible you will not be able to use all the functions of this website in full. Moreover, you may prevent data that was produced by the cookie and relates to your use of the website (including IP address) from being collected and processed by Google by downloading and installing the following browser plug-in available at the link below: http://tools.google.com/dlpage/gaoptout?hl=de. (4) This website uses Google Analytics with the extension “_anonymizeIp()”.