Relevant legal bases
In accordance with Article 32 of the GDPR we take appropriate technical measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organisational measures, to ensure a level of protection appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and segregation. In addition, we have established procedures that ensure the fulfilment of data subject rights, data erasure, and reaction to data vulnerability. Furthermore, we take into account the protection of personal data in the development and/or selection of hardware, software and procedures, pursuant to the principle of data protection through technology design and privacy-friendly default settings (Article 25 of the GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Collaboration with contract processors and third parties
If we reveal data to other persons or companies (contract processors or third parties) in the course of processing, transmit, or otherwise grant them access to these data, this shall only occur on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is required for contract performance according to Article 6 para. 1 lit. b. of the GDPR, you have given your consent, a legal obligation provides for it, or on the basis of our legitimate interests (e.g. when deploying agents, web hosting, etc.). If we instruct third parties to process data on the basis of a so-called “Data processing order agreement”, this shall occur on the basis of Article 28 of the GDPR.
Data transfer to third countries
Except for the applications mentioned above, no transmission to countries outside the EU is carried out and it is not planned.
Your rights as a data subject
You have the right to:
- Information about your stored data
- Correction and completion of your stored data
- Deletion of your data no longer required
- Restriction of the processing of your data
- Revocation of granted consent with effect for the future
- Objection to the future processing of your data, in particular to processing for direct marketing purposes
- Receipt and transmission to other data controllers responsible for the data concerning you
Provision of contractual services
If stock data (for example, names and addresses as well as contact details of users) are processed, this is done to fulfil our contractual obligations and services pursuant to Article 6 para. 1 lit. b. of the GDPR. For example, the entries marked in the online forms as obligatory are required for the conclusion of the contract.
Deletion of data
When contact is made with us (via contact form or email), user data are processed for the processing of the inquiry and its settlement pursuant to Article 6 para. 1 lit. b. of the GDPR.
User information can be stored in a customer relationship management system (“CRM system”) or similar inquiry organisation. We delete the inquiries once they are no longer required. We check the necessity regularly; inquiries from customers who have a customer account are stored by us permanently and we refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion shall take place after the expiration of their storage obligation (end of commercial law (6 years) and tax law (10 years)).
Collection of access data and logfiles
On the basis of our legitimate interests within the meaning of Article 6 para. 1 lit. f. of the GDPR we collect data on every access to the server on which this service is located (so-called server log files). Access data include the name of the website visited, the file accessed, the date and time of the visit, the volume of data transferred, notification of a successful visit, the browser type and version, the operating system of the user, the referring URL (previously visited site), the IP address and the requesting provider. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and is then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified.
Online presence in social media
Integration of third-party services and content
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website within the meaning of Article 6 para. 1 lit. f. of the GDPR) we use third-party content or service offers on our website in order to provide their content and services, e.g. include videos or fonts (collectively referred to as “content”). This always assumes that third-party providers of this content perceive users’ IP address because they cannot send content to their browsers without the IP address. Your IP address is therefore necessary to display this content. We strive only to use content from providers who use the IP address to deliver content, and for nothing else. Furthermore, third-party providers can use what are known as pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be evaluated using these “pixel tags”. The pseudonymous information may also be stored in cookies on the device of the user and may include technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our website and it may also be linked to such information from other sources. The following list provides an overview of third-party providers, their contents, as well as links to their privacy policies, which contain further information on the processing of data and, as already mentioned here, options for objecting (so called opt-out):
Pursuant to Article 77 of the EU GDPR, you may lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in breach of the EU GDPR or the Federal Data Protection Act.
Subscriber details: To subscribe to the newsletter, it is sufficient to enter your email address.
Use of Google Analytics
- Our website uses Google Analytics, a web analysis service from Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called cookies which are text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of our WEBSITE (including your IP address) is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on our WEBSITE, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the WEBSITE, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
- The IP address provided to Google Analytics by your Internet browser will not be merged with any other data provided by Google.
- For browsers on mobile devices, you can alternatively prevent collection by Google Analytics by clicking on the following link: Set an opt-out cookie for this browser and this website. An opt-out cookie is set which prevents the future collection of your data when visiting our WEBSITE. Please note: The cookie only works for the browser on which it is set. If you delete the cookie on this browser, you must reset it by clicking on the above links.
- If you allow cookies to be stored, Google Analytics retains your data for 14 months. Data that reaches the end of this retention period will be automatically deleted.
- Please note that Google Analytics is used on our WEBSITE with the extension “_anonymizeIp ()” and that your IP address will only be processed in shortened form in order to exclude a direct personal reference. If the data collected about you are personal, they will be blocked instantly and the personal data will be deleted immediately.
- We use Google Analytics to analyse and regularly improve the use of our WEBSITE. The statistics obtained in this way enable us to improve our services and make them more interesting for you as a user. Optimisation and marketing purposes are our legitimate interests. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 para. 1 sub-para. 1 lit. f of the GDPR.
- As part of Google Analytics, we use the additional features of Universal Analytics. Universal Analytics allows us to analyse your activities across our sites across devices. This is made possible by the pseudonymous assignment of a user identification (user ID) to a user. Such an allocation is made, for example, when you register for a customer account or log in to your customer account. However, no personal data are forwarded to Google. Please note that also regarding the functions of Google Universal, the above possibilities of objection by the browser plugin or opt-out cookie are possible. You can also disable the cross-device analysis of your usage in your personal account under “My Account”, “Personal Information”.