The following data protection declaration shall inform you about the form, extent and purpose of the processing of personal data (“data” in the following) within our online content and all therewith connected websites, functions and content (all “online content” in the following). Concerning the use of technical terms and terminology, as for instance “personal data” or its “processing”, we refer to Art. 4 of the General Data Protection Regulation (GDPR).
Types of processed data
Meta and communications data
Processing of special categories of personal data (Art. 9 GDPR)
No special categories of data shall be processed.
Categories of subjects concerned by the processing:
Visitors and users of the online content.
In the following, the concerned subjects shall be collectively referred to as “users“.
Purpose of processing:
Provision of the online content, its contents and functions.
1. Relevant legal basis
According to Art. 13 GDPR, we are informing you about the legal basis of our data processing. In cases where the legal basis for data processing is not provided, the following shall apply: The legal basis for obtaining consent are Art. 6, para. 1, letter (a) and Art. 7 GDPR, the legal basis for the processing for the provision of our services and implementation of contractual measures as well as the answering of inquiries is Art. 6 para. 1, letter (b) GDPR, the legal basis for the processing for the fulfilment of our legal obligation is Art. 6, para. 1, letter (c) GDPR, and the legal basis for the processing for the protection of our legitimate interests is Art. 6, para. 1, letter (f) GDPR. In the cases that vital interests of the data subject or of another natural person require data processing, Art. 6, para. 1, letter (d) GDPR shall serve as legal basis.
We ask you to regularly inform yourself about the content of our data protection policy declaration. The data protection declaration shall be updated, once changes to our data processing require this. We will inform, should any changes require participatory actions on your part (e.g.: consent) or any other individual notification. The current state is indicated by the line “last updated: …” at the end of this data protection notice.
3. Safety measures
3.1. Pursuant to Art. 32 GDPR and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood of occurrence and severity of the risk or the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; these measures include in particular the ensuring of confidentiality, integrity, and availability of data through the monitoring of physical access to the data, as well as the access, input, disclosure, assurance of availability, and segregation thereof. In addition, we have implemented procedures to ensure the exercise of data subjects’ rights, the deletion of data and the reaction to any threat to the data. Further, we already consider the protection of personal data during the development or selection of hardware, software, and processes in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
3.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. Should we, in the course of our processing, disclose data to other persons and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this shall only occur on the basis of a legal authorisation (e.g.: if a transfer of data to third parties, such as payment service providers, is required for the fulfilment of the contract pursuant to Art. 6, para. 1, letter (b) GDPR), with your consent, with a legal obligation providing for this, or on the basis of our legitimate interests (e.g.: with the assignment of agents, web hosts, etc.).
4.2. Should third parties be commissioned with the processing of data on the basis of a so-called “data processing agreement”, this shall be pursuant to Art. 28 GDPR.
5. Transmissions to third countries
Should we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or should this be done during the use of services of third parties or the disclosure or transfer of data to third parties, this shall only occur to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special conditions of Art. 44 f GDPR exist. This means that the processing is, for instance, carried out on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that of the EU (e.g.: for the US through “Privacy Shield”) or compliance with officially recognised specific contractual obligations (so-called “standard contractual clauses”).
6. Rights of data subjects
6.1. You have the right to demand confirmation as to whether or not personal data concerning you is processed and to the information on this data as well as further information and copies of the data according to Art. 15 GDPR.
6.2. Pursuant to Art. 16 GDPR, you have the right to demand the completion of data concerning you or the rectification of data concerning you.
6.3. According to Art. 17 GDPR, you have the right to demand that data concerning you is deleted immediately, or alternatively to demand a limitation of the data processing pursuant to Art. 18 GDPR.
6.4. Pursuant to Art. 20 GDPR, you have the right to demand to receive any data that you have provided to us and to demand its transmission to another controller.
6.5. Further, under Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority.
7. Right of revocation
You have the right to revoke consent granted in accordance with Art. 7, para. 3 GDPR with effect for the future. The revocation does not affect the lawfulness of any processing carried out with you prior consent. The revocation only entails that we are no longer allowed to continue any data processing based on this consent in the future.
8. Right to object
You may object to the future processing of data concerning you pursuant to Art. 21 GDPR at any time. Should you wish to exercise your right to object, please send an email to email@example.com.
9. Cookies and right to object for direct advertising
10. Erasure of data
10.1. Data processed by us will be deleted or limited in its processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated within this data protection declaration, any data stored with us will be deleted once they are no longer required for their intended purposes and no legal obligations to retain conflict with their erasure. Should any data not be deleted because it is required for any other and legally permissible purposes, its processing will be restricted; i.e. the data will be blocked and not processed for other purposes. This applies for instance for data that must be retained due to requirements of commercial or tax law.
10.2. Pursuant to legal requirements, the storage shall last for six years in accordance to Sec. 42 (1) HGB [German Commercial Code] (for trading books, inventories, opening balance sheets, annual accounts, commercial papers, accounting documents, etc.) as well as for ten years according to Sec. 147 (1) AO [German Tax Code] (for books, records, management reports, accounting documents, commercial and business papers, etc.)
11. Provision of contractual services
11.1. We process usage data.
11.2. Erasure shall occur after the expiry of legal warranty and comparable obligations, the necessity of data retention is reviewed every three years; in the case of legal obligations of preservation, erasure shall occur following their expiry (end of commercial law (six years) and tax law (ten years) obligation of storage); information in user accounts remain until its deletion.
12.1. Upon contacting us (e.g.: via email), users’ details are processed for the purpose of the handling of the contact request and its operation in accordance with Art. 6, para. 1, letter (b) GDPR.
12.2. User information may be stored in our Customer-Relationship-Management System (“CRM-System”) or similar inquiry organisation systems.
12.3. Inquiries shall be deleted, once they are no longer required. We review the necessity every two years; we store inquiries of costumers with a user account permanently and for deletion we refer to the information of the user account. In the case of legal obligations of preservation, erasure shall occur following their expiry (end of commercial law (six years) and tax law (ten years) obligation of storage).
13. Protection of minors
Persons under 18 years of age should not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data directly from minors. We do not scientifically collect such data and do not pass it on to third parties.
14. Collection of access data and log files
14.1. On the basis of our legitimate interests pursuant to Art. 6, para. 1, letter (f) GDPR, we collect data on any access to the server on which this service is located (so-called server log files). Included in this access data are the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, users’ operating system, referrer URL (the previously visited site), IP address, and the requesting provider.
14.2. Log file information is stored for security reasons (e.g.: the investigation of abuse or fraud) for a maximum duration of seven days and thereafter deleted. Any data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident.
15. Online presences in social media
15.1. On the basis of our legitimate interests pursuant to Art. 6, para. 1, letter (f) GDPR, we maintain online presences within social networks and platforms, in order to communicate with the therein active customers, interested parties, and users and to inform them of our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
15.2. Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within such social networks and platforms, for instance when posting to our online presences or sending us messages.
16.1. Cookies are information that is transferred to the users’ web browser from our web servers or the web servers of third parties and are stored there for later access. Cookies may take the form of small files or other types of information storage.
16.2. If users do not agree to cookies being saved on their computers, we ask you to disable the respective option in your browser’s settings. Stored cookies can be deleted within the browser’s settings. Disabling cookies may lead to functional limitations of this online content.
17. How to contact us with inquiries
Should you have any question concerning data protection on our website, we look forward to your email to firstname.lastname@example.org.
Last updated: April 2020