Data Protection Policy

2001 words - Last update: 2018-08-25 Page created: 2018-05-22 [SB]



Data Protection Policy

This data protection declaration explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and contents as well as external online presences, e.g. our social media profile (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


Who is responsible for data processing on this website?

Responsible for data processing in the sense of the data protection laws is the website owner. The contact details can be found in the Imprint of this website.


Which data is processed?

- Contact data (e.g., e-mail, telephone numbers).
- Usage data (e.g., pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).


What is the purpose of the processing?

- Provision of the online website, its functions and contents.
- Answer contact requests and communicate with users.
- Security measures.
- Range measurement/marketing


What is the main legal basis?

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for the processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 d GDPR serves as the legal basis.


What are your rights under GDPR?

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that concerning data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

You have the right to request that the data concerning you that have been provided by you to us be received in accordance with Art. 20 GDPR and to request its transmission to other responsible persons.

Furthermore, according to Art. 77 GDPR, they have the right to file a complaint with the responsible supervisory authority.

You have the right to revoke granted consents according to Art. 7 para. 3 GDPR with effect for the future.

You can contradict to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The contradiction may be lodged in particular against processing for direct marketing purposes.


Website hosting

The hosting services we use serve the purpose of providing the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online service.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online website on the basis of our legitimate interests in an efficient and secure environment of this online service according to Art. 6 para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of order processing contract).

This website is hosted by 1&1 Internet SE. An agreement on secure "commissioned data processing" (ADV) in accordance with 11 of the Federal Data Protection Act (FDPA) was concluded and the legally compliant implementation of the legal requirements on data protection was confirmed.

When you access our website, information of a general nature is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet.

1&1 Webanalytics provides the following data for statistical evaluation and technical optimization of the website for the website owner:

- Referrer (previously visited website)
- Requested web page or file
- Browser type and browser version
- Operating system used
- Type of device used
- Time of access
- IP address in anonymized form (used only to determine the location of access)

This are only informations that does not allow any conclusions to you personally.


Use of Google AdSense

We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f. GDPR) the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.

We use the AdSense service, which is used to display ads on our website and pay us for their insertion or other use. For these purposes, usage data such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the user`s data is pseudonymised.

Users in the European Economic Area do not receive personalized advertising from Google Adsense. The ads are not displayed on the basis of user profiles. Non-personalized ads are not based on previous user behavior. Targeting uses contextual information, including rough geographic targeting (e.g. at the local level) based on the current location, the content of the current website or app, and current search terms. Google prevents any personalized targeting, including demographic targeting and targeting based on user lists.

For more information about Google`s use of data, preferences and opt-out options, see the Google Privacy Policy and the settings for the Display of advertisements by Google. Information about the use of your personal information by Google.


Use of cookies

This site uses only cookies related to Google Adsense.

A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site aboutads.info or the EU site youronlinechoices.com. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.


SSL encryption

To protect the security of your data during transmission, we use the state-of-the-art SSL encryption method via HTTPS.


Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in connection with the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or let process the data in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").


Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to legal requirements in Germany, the storage is carried out in particular for 10 years in accordance with 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). HGB is the German Commercial Code.

In accordance with legal requirements in Austria, storage is carried out in particular for 7 years in accordance with 132 (1) BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.


Explanation of Terms

"Personal data" means all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable person is a natural person who, directly or indirectly, in particular by assignment to an identification such as a name, to an identification number, to location data, to an online identification (e.g. Cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

"Processing" means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data. The term has a wide range and covers practically every handling of data.

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

"Controller" means the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data.

"Processor" means a natural or legal person, authority, institution or other body processing personal data on behalf of the controller.


Created with Datenschutz-Generator.de von RA Dr. Thomas Schwenke. Adapted and translated by the website owner.

Last update: 22nd of May, 2018