The protection of your privacy is very important to us. We therefore proceed according to the statutory regulations of the European and German data privacy legislation in all operations of data processing (e.g. collecting, processing and transmission), in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following explanation provides you with an overview of which of your data is enquired about on our websites, how this data is used and forwarded, in which ways you can find out about the information provided to us, and which security measures we take to protect your data.
1. Who is your contact person (controller) for data privacy concerns?
2. Which data do we need from you for the use of our websites? Which data is collected and stored during use?
Personal data is any information that refers to an identified or identifiable natural person (“data subject”), such as, e.g. your name, your address, your phone number, your date of birth, your bank details and your IP address. Basically, we only collect and use personal data of our users when this is necessary in order to provide a functioning website and our contents and services. The collection and use of personal data of our users is only carried out as a rule after obtaining the consent of the user. An exception applies in such cases, where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
When using our websites, the following data is logged in log files on the server side, whereby the storage exclusively serves internal system-related and statistical purposes (so-called usage data): Names of the pages called up, the browser used, the operating system and the requesting domain, date and time of access, search engines used, names of downloaded files, and your IP address. Further personal data is only collected when you provide it to us voluntarily, e.g. as part of an enquiry via the contact form on our website or as part of an e-mail enquiry. The legal basis for the temporary storage of data and log files is Art. 6 par. 1 lit. f GDPR (General Data Protection Regulation). The temporary storage of the IP address is required by the system, in order to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. The storage in log files is carried out to ensure the functioning of the website. In addition, the data is used to optimise the website and ensure the security of our IT systems. Our legitimate interest in data processing as according to Art. 6 par. 1 lit. f GDPR also lies in these purposes. The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of recording data to make the website available, this is the case when the respective session is terminated. If the data is stored in log files, this is the case at the latest after six months. During storage, the users' IP addresses are alienated so that an assignment of the calling client is no longer possible. On the server side, the last three digits of the IP address are provided with an X, so that it's no longer possible to establish a personal reference. The recording of data to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option of contesting this.
It is possible to contact us via the e-mail address provided or via the other communication channels mentioned under the Contact section. In this case, the personal data of the user transmitted with the e-mail or otherwise will be stored. We only use your data to process your enquiry and can contact you for this purpose using the contact data given. The legal basis for the processing of the data, which is transmitted in the course of the transmission of an e-mail or via other kinds of communication, is Art. 6 par. 1 lit. f GDPR. If making contact also aims to conclude a contract, the additional legal basis for processing is Art. 6 par. 1 lit. b GDPR. The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data which was sent by e-mail or otherwise, this is then the case when the respective conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the situation concerned has been conclusively clarified.
Right to objection
When the user contacts us, he or she can object to the processing of his or her personal data at any time, by using the above contact information. The conversation cannot be continued in such a case. In this case all personal data that was processed in the course of making contact will be deleted.
3. How is my data used and possibly forwarded to third parties, and for which purpose is this carried out?
We use the personal data provided by you to answer your enquiries and for the technical administration of our websites. Your personal data will only be passed on or otherwise transmitted to third parties when it is necessary for the purpose of processing the contract, for invoicing purposes or for collecting the fee, or if you have expressly consented to this. The legal basis for the transfer of data to third parties for the purpose of contract processing or for billing purposes is Art. 6 par. 1 lit. b GDPR. For the transmission in legally ordered cases, e.g. to law enforcement authorities or for the enforcement of intellectual property rights, Art. 6 par. 1 lit. c GDPR is the legal basis.
4. What security measures have we taken to protect your data?
We have taken a variety of security measures to protect personal information appropriately and adequately. Our databases are protected by physical and technical measures, as well as by means of procedural measures that restrict access to the information to specially authorised persons in compliance with this data privacy statement. Our information system is located behind a software firewall to prevent access from other networks that are connected to the internet. Only employees who require the information to complete a special task can obtain access to personal information. Our staff are trained regarding security and data privacy practices. We use the standardised SSL encryption technology when collecting and transmitting data via our internet pages. Personal data is transmitted on our website using SSL encryption, recognisable by the lock symbol in the browser and by the suffix "https://" in the address bar. When communicating by e-mail, we cannot guarantee full data security.
5. A cookie is stored on your computer when you use our websites. What does this mean?
6. Rights of data subjects
If personal data relating to you is processed, you are a data subject as defined in the GDPR and you are entitled to the following rights towards the controller:
Information, rectification, restriction of processing and erasure
You have the right at any time to obtain information free of charge about any personal data we have stored about you, about the origin and recipient, as well as the purpose of data processing via our websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, where the statutory provisions exist.
Right to data portability
You have the right to receive the personal data relating to you that you have made available to us as controller in a structured, commonly used and machine readable format. We can satisfy this right, e.g. by providing a csv-export of the data processed relating to you.
Right to information
When you have asserted your right to rectification, deletion or restriction of processing to the responsible office, this office is obliged to inform all recipients, to whom the personal data relating to you was disclosed, about this rectification or deletion of the data or the restriction of processing, unless this proves to be impossible or involves an unreasonable expense or effort. You have the right vis-à-vis the responsible office to be informed about these recipients.
Right to object
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you that is carried out pursuant to Art. 6 par. 1 lit. e or lit. f GDPR; this shall also apply to any profiling that is supported by these provisions. The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that override your own interests, rights and liberties, or when the processing serves the assertion, exercise or defence of legal claims. In connection with the use of services of the information society - irrespective of the Directive 2002/58/EC - you have the possibility to exercise your right to object by means of automatic processes with which technical specifications are used.
Revocability of data privacy consent declarations
In addition, you may revoke the consents that you have given us with effect to the future at any time, using the contact details stated above.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement if you take the view that that the processing of the personal data relating to you infringes the general data privacy regulation. The supervisory authority, with which the complaint has been lodged, informs the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
7. Changes to this data privacy statement
We reserve the right to change this data privacy statement when the occasion arises and without prior notice. Please therefore consult this page regularly to find out about possible changes to this data privacy statement.