1. Who is responsible for processing my data?
An der Autobahn 200
Tel.: + 49-5241-80 0
is responsible for processing your data on this website (hereinafter referred to as “company”). The company processes personal data in accordance with the GDPR and laws locally applicable.
The company data protection officer can be reached at the above postal address by adding “For the attention of the data protection officer” or at the email address: firstname.lastname@example.org.
2. What data is collected?
When you visit the website, data is automatically recorded from the accessing computer (hereinafter referred to as “access data”). This access data includes server log files, which usually contain information regarding the browser type and version, the operating system, the internet service provider, the date and time of use of the website, the previously visited websites and the websites newly accessed via this website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when using the internet connection and the internet provider can assign this to a person.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (for example, search words, login data, ratings, form or contract entries, click data) will be processed.
Some of the website’s services require that you provide personal information to the company. In these cases, the data you provide will be used to provide you with your desired service or to handle your request. As an example, the following personal data can be processed on the website: User data such as email address and password; address data; contact data; picture, video and sound recordings.
3. Which cookies are used?
Cookies are essentially just an online identifier without personal reference. Cookies only become personalised when data generated by the cookies is merged with other data. A distinction can be made between the cookies required to make the website available and the cookies required for other purposes, such as user behaviour analysis or advertising.
The cookies required to make the website available include, but are not limited to:
- cookies used to identify or authenticate users;
- cookies that temporarily store certain user input (such as the contents of a shopping cart or an online form);
- cookies that store certain user preferences (such as search or language settings);
- cookies that store data to ensure trouble-free playback of video or audio content.
Cookies that are required for further purposes include in particular the following:
- analysis cookies to record our users’ usage behaviour (such as clicked advertising banners, visited subpages, requested search queries) and to evaluate them in statistical form;
- advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) to show the user advertisements or offers tailored to their interests (“interest-based advertising”);
- third party advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) and which enable the controller and the third party to show the user advertisements or offers tailored to their interests (hereinafter “third party cookies”);
- tracking cookies related to social plugins.
4. What data is collected for which purposes?
The purposes of the data processing may stem from technical, contractual or legal requirements as well as from consent.
We use the data mentioned under Section 2 for the following purposes:
- to make the website available and ensure technical security, in particular to remedy technical errors and to ensure that unauthorised persons do not gain access to the systems of the website;
- to measure reach and web analytics for the purpose of making the website more efficient and interesting for you as well as to conduct market research;
- to implement our own and external advertising (online advertising);
- for communication, contract initiation and customer care;
- to send newsletters and/or programme communication via email.
4.1 Technical provision of the website
4.1.1 Description and scope of the data processing
When accessing and using the website, server log files are automatically recorded for the accessing computer system as an integral part of the accruing access data according to Section 2 and stored for a short time; this is done to maintain the functionality of the website, conduct security analyses and defend against attacks. Server log files are not stored in combination with other data. The company uses the server log files for statistical evaluation to analyse and correct technical breakdowns, to defend against attacks and fraud attempts and to optimise the functionality of the website.
4.1.2 Purposes and legal basis of the data processing
The legal basis for the recording of the server log files is Art. 6 (1) lit. f GDPR. The functionality of the website, the performance of security analyses and the prevention of risks are legitimate interests of the company.
4.1.3 Duration of storage or criteria for determining this duration
After retrieving web pages, server log files are stored on the web server and the IP address contained therein is deleted after seven days at the latest. Evaluation during this storage period is carried out exclusively in the event of an attack.
4.1.4 Possibility of objection and deletion
You have the right to object to the processing of your data stored in server log files, if reasons for this arising from your particular situation exist. If you would like to exercise your right to object, please contact the address specified in Section 1.
4.2 Contact form, email and telephone contact
The website offers the possibility to contact the company via a contact form, an email address or a telephone number. If you make use of this possibility, any data entered in the contact form, your email address and/or your telephone number as well as your request will be transmitted to the company. Depending on the request (for example, questions regarding the company's products and services, assertion of your rights as a data subject such as right to information), your contact data will be processed further (also with the help of service providers). To the extent necessary to process your request, your contact information may be shared with third parties (such as affiliated companies).
4.2.2 Purposes and legal basis of the data processing
The legal basis for processing your contact data is Art. 6 (1) lit. f GDPR. Your legitimate interests lie in the processing of your request and further communication. If you contact us with the intention of concluding a contract with the company, the legal basis for the processing of your contact data is Art. 6 (1) lit. f GDPR.
4.2.3 Duration of storage or criteria for determining this duration
After processing your request and terminating further communication, the contact data will be deleted. This shall not apply if you contact us with the intention of concluding a contract with the company or assert your data subject rights such as the right to information. In these cases, the data will be stored until the contractual and/or legal obligations have been fulfilled and deletion is not precluded by statutory retention periods.
4.2.4 Possibility of objection and deletion
You have the right to object to the processing of your contact data, if there are reasons for this that arise from your particular situation. If you would like to exercise your right to object, please contact the address specified in Section 1. If you object, the communication cannot be continued with. This shall not apply if the storage of your contact data is required for the initiation or fulfilment of a contract or assertion of your data subject rights.
4.3.1 Description and scope of the data processing
The website offers the possibility to subscribe to newsletters. Your data from the registration screen will be transmitted to the company and processed further (also with the help of service providers) for the dispatch of newsletters. When registering, your consent will be obtained and saved using the double-opt-in procedure. Your data is not transferred to third parties.
We point out that the company may evaluate your user behaviour when sending newsletters. To carry out this evaluation, the emails sent include web beacons or tracking pixels, which are one-pixel image files stored on the website. For the purpose of evaluations, the company could link your data and the web beacons with your email address and an individual ID. With the data obtained in this manner, the company would be able to create a user profile with which the newsletter can be tailored to your individual interests. To do this, the company records which links you click on when you read the newsletter and uses these to derive your personal interests. The company could associate this data with your behaviour on our website.
4.3.2 Purposes and legal basis of the data processing
The processing of your data via the login form is required to inform you about and advertise the company's goods and/or services. The legal basis for processing the data when registering for the newsletter is the consent according to Art. 6 (1) lit. a GDPR with reference to Section 7 (2) No. 3 of the Act Against Unfair Competition (hereinafter referred to as “UWG”).
The legal basis for the processing of your data after purchasing the company’s goods and/or services is Art. (6) 1 lit. f GDPR with reference to Section 7 (3) of the Act Against Unfair Competition (hereinafter referred to as “UWG”). Advertising to existing customers is in the company’s legitimate interest.
4.3.3 Duration of storage or criteria for determining this duration
The data will be stored for as long as the newsletter is subscribed to. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until the contractual and/or legal obligations have been fulfilled and deletion is not precluded by statutory retention periods.
4.3.4 Possibility of objection and deletion
You may revoke your consent to receive a newsletter at any time by clicking on the unsubscribe link provided in each newsletter.
4.4 Use of the blog
4.4.1 Description and scope of the data processing
If you want to use the comment function of blogs, you must specify a name and your email address in addition to the actual comment. The username for this purpose is freely selectable, so there is no clear name obligation and the company provides you with the option to remain pseudonymous to the other users. Comments are only published after review and approval by the company. If you post comments, these will generally be made accessible to unregistered users (hereinafter referred to as “anyone”), stating your username, time and date of the comment.
4.4.2 Purposes and legal basis of the data processing
Data is processed on the blog for the purpose of collective discussion between users on various topics. The legal basis is Art. 6 (1) lit. f GDPR. The legitimate interest lies in promoting exchange within the interested community.
4.4.3 Duration of storage or criteria for determining this duration
Your user data is stored until the intended purpose is fulfilled. Your published comments will be stored until deleted and are accessible to anyone. If you wish for your contributions to be deleted, you can send your deletion request to the company under Section 1.
4.4.4 Possibility of objection and deletion
Processing your user data is required to use the blog’s comment function. You cannot object to this, but you can exercise your right to deletion of data.
4.5 Web tracking
The website has built-in services that optimise usability and measure the reach of the website. Your access data (see Section 2) will be recorded and the usage behaviour will be evaluated using analysis cookies (see Section 3). Personal identification is basically not required for web tracking, meaning that when you enter your access data, the stored IP address is either not used or only a shortened version is used and pseudonymous usage profiles are created. These are not merged with other data and you have the option of revocation at any time. Personal usage profiles are only created in exceptional cases and if you have given your consent.
Web tracking services are usually provided by service providers who process the data only as directed by the controller and not for its own purposes as a processor. This is ensured on the basis of data processing contracts. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as "EU or EEA") process your data, a third country transfer takes place. This is permissible provided that you have given your consent, the company has provided guarantees of a data protection level that meets the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respective service is indicated below. Further information regarding the recipients of your data can be found in sections 4.5.1, 4.5.2 and 4.5.3.
The website’s web tracking services are described in more detail below.
4.5.1 Google Analytics
The website uses the Google Analytics service. The provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics creates a pseudonymous usage profile to optimise the website’s user-friendliness. Pseudonymity is ensured by the fact that the IP address is shortened before transmission of your data to Google and any reference to you is not possible. The pseudonymous usage profile is evaluated after transmission for the purpose of optimising usability. It is not merged with any other Google data. The company ensures that Google only processes the data as instructed based on a data processing contract.
The use of Google Analytics entails a third county transfer (see Section 4.7). However, Google ensures that the European level of data protection is ensured for third country transfer with certification under the EU-US Privacy Shield.
4.5.2 Adobe Analytics (Omniture)
The website uses the Adobe Analytics service. The provider of Adobe Analytics is Adobe Systems Software Ireland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland. Adobe Analytics creates a pseudonymous usage profile to optimise the website’s user-friendliness. Pseudonymity is ensured by the fact that the IP address is shortened before transmission of your data to Adobe and any reference to you is not possible. The pseudonymous usage profile is evaluated after transmission for the purpose of optimising usability. It is not merged with any other Adobe data. The company ensures that Adobe only processes the data as instructed based on a data processing contract.
4.5.3 Matomo (formerly Piwik)
Our website uses Matomo (formerly Piwik). The provider is InnoCraft LtD, 150 Willis St, 6011 Wellington, New Zealand. Matomo uses analysis cookies to create a pseudonymous usage profile on the company’s website to optimise the website’s user-friendliness. This usage profile is stored exclusively on the company's web servers and is not transmitted to the InnoCraft LtD web server. Pseudonymity is ensured by the fact that the IP address (which is recorded as part of the server log files when the website is made available by the website operator) is shortened before transmission to InnoCraft LtD so that any reference to you is not possible. This IP address will not be merged with other data. This and the evaluation of the pseudonymous usage profile is carried out exclusively on behalf of the company and is ensured on the basis of a data processing contract concluded with InnoCraft LtD.
Analysis cookies are always set at Matomo when you visit the website. The cookies remain for six months, unless you delete them beforehand using the browser setting.
Furthermore, the use of Matomo entails a third-country transfer. No data is transmitted to the InnoCraft LtD web server.
4.5.4 Purposes and legal basis of the data processing
The legal basis for recording and evaluating pseudonymous usage profiles is Art. 6 (1) lit. f GDPR /Section 15 (3) German Telemedia Act (TMG). Optimising the user-friendliness of the website and measuring reach are legitimate interests of the company. If personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR.
4.5.5 Duration of storage or criteria for determining this duration
The data collected and evaluated via web tracking services is usually stored until you object to its use. If data processing is based on your consent, your data will be stored until you revoke your consent.
4.5.6 Possibility of objection and deletion
You can opt out of using the web tracking services at any time by changing your browser settings. For further information please refer to the privacy policies in sections 4.5.1, 4.5.2 and 4.5.3.
5. Who receives my data?
Those entities within the company who need your data to fulfil the purposes described in Section 4 above. Also, service providers employed by the company may gain access to your data (“processors”, such as data centres, newsletters, customer service or debtor management). Data processing contracts ensure that these service providers commit to instructions, data security and the confidential handling of your data.
Your data is only transferred to other recipients at your request or if required by law. The following third parties are included in the data transfer:
Providers of social media services that for their own purposes merge your data from the website with the data already stored there.
Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
Affiliate companies to which you refer in your request
Public bodies and institutions, such as law enforcement agencies, who receive access to your data for reasons of compliance with legal or regulatory obligations.
6. Will my data be processed outside the EU or EEA (third country transfer)?
If the service providers listed in Section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in Section 4, this may result in your data being transmitted to a country where a level of data protection equivalent to that in the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. For example, standard contractual clauses provided by the EU Commission may qualify as a suitable guarantee. You can request a copy of these guarantees from the contact details listed in Section 1. By way of exception, any guarantee can be waived if you give your consent to this or if the third country transfer is required to fulfil your contract with the company. The EU Commission has also recognised certain third countries as safe third countries, meaning it is also not necessary for the company to provide any suitable guarantees at this point.
7. What data protection rights do I have?
You have the right to obtain information about your stored personal data at any time. You have the right to demand the rectification of any of your personal data which is incorrect or out of date. You furthermore have the right to demand the deletion of your data or its restriction from processing in accordance with Art. 17 and Art. 18 GDPR. You also have the right for the data you provide to be surrendered to you in a common and machine-readable format (right to data portability).
If you have given consent to the processing of your personal data for specific purposes, you may revoke such consent at any time with future effect. The revocation must be sent to the company at the contact address listed under Section 1. You can revoke your consent to the website by clicking on the unsubscribe link provided in the respective newsletter.
In accordance with Art. 21 GDPR, you have the right at any time, for reasons arising from your particular situation, to object on the basis of Art. 6 (1) lit. f GDPR to the processing of your data. You also have the right to object to the processing of your personal data for the purpose of direct mailings at any time. The same applies to the automated procedures when using individual cookies, as long as they are not absolutely essential for making the website available.
You also have the possibility to contact a data protection authority and file a complaint. A list of data protection authorities and their contact data can be found here.
9. To what extent is automated decision-making and profiling utilised?
Your collected data is not utilised for automated decision making or profiling by the company.
10. Final/version information
As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy statements may be required. Therefore, we recommend that you review these privacy statements from time to time.