DATA PRIVACY POLICY
I. Name and address of the data controller
The person responsible in the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
Please obtain this information from the legal notice.
II. Contact details of the data protection officer
The data protection officer can be reached as follows:
Please obtain this information from the legal notice.
II. General information on data processing
1. Scope of the processing of personal data
In principle, we collect and use personal data of our users only insofar as this is necessary for providing a functional website and our contents and services. We collect and use the personal data of our users as a rule only with the user’s consent. An exception applies in cases in which circumstances prevent us from obtaining prior consent and the processing of the data is permitted by law.
The following data are also stored at the time the message is sent:
The following is a list of the corresponding data.
- Name of the file requested
- Date and time of the access
- Data volume transferred
- Notification of successful access
- Web browser
- Requesting domain
Additionally, the IP addresses of the requesting computers are logged.
The data will not be disclosed to third parties in this context. Our partner companies (see legal notice) process this data on our behalf.
There are contact forms on our website which can be used for contacting us electronically or transmitting data. If a user accepts this option, the data entered in the input form will be transmitted to us and saved. These data are, for example:
- Salutation
- First name
- Last name, family name, or surname
- Email address
- Telephone number
- Your message
This data will be used exclusively to respond to your enquiry.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 Paragraph 1 Point (a) of the European Union General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6 Paragraph 1 Point (b) of the GDPR serves as the legal basis. This also applies to processing necessary to implement pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 Paragraph 1 Point (c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Point (d) of the GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the person concerned do not outweigh the first-mentioned interest, Article 6 Paragraph 1 Point (f) of the GDPR serves as the legal basis for the processing.
3. Deletion (erasure) and storage of data
Your personal data will be erased or blocked as soon as the purpose for its storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
In this context, the following data are collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address (anonymized)
- Date and time of access
- The websites from which the system of the user accesses our website
- Name of the file requested
- Duration of data transfer
- Data volume transferred
The data are also stored in our system’s log files. This data is not stored together with any other personal data pertaining to the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data is Article 6 Paragraph 1 Point (f) of the GDPR.
3. Purpose of data processing
The system needs to temporarily store the IP address to enable the website to be delivered to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session.
The storage in log files takes place to ensure the functionality of the website. The data are also used to optimise the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes.
Our legitimate interest in data processing pursuant to Article 6 Paragraph 1 Point (f) of GDPR also lies in these purposes.
We use personal data provided on contact forms only to make the requested contact. If contact is made via electronic mail, this is also because of our required legitimate interest in processing the data.
The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted (erased) as soon as they is no longer required to fulfil the purpose for which they were collected. In the case the data were collected in order to provide the website, they will be deleted once your session on our site ends.
For the personal data from the contact form input screen and the data that were sent by electronic mail, this is the case when the respective conversation with the user has been completed. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
If the data are stored in log files, this will be undertaken after ninety days at the latest. However, they may be retained for a longer period. In this case, the user’s IP address will be deleted or distorted, so that the accessing client can no longer be identified.
Additional personal data that was collected during the sending procedure will be deleted after a period of thirty days at the latest.
5. Options for objection and deletion
Collection of data required to make the website available and storage of the data in log files are essential for the operation of the website. Consequently, users cannot object to their collection.
The user has the option of revoking his or her consent to the processing of personal data at any time. If the user contacts us by electronic mail, the user may object to the storage of the user’s personal data at any time. Please obtain the contact details from the legal notice. If this right is exercised, it will not be possible to continue the conversation.
In such cases, all personal data that was stored when contact was made with us will be deleted.
V. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored within or by the Internet browser on the computer system of the user. If a user visits a website, a cookie may be stored on the operating system of the user. This cookie contains a distinctive character string that enables the unique identification of the browser when the website is accessed again. Most of the cookies we use are “session cookies”. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies enable us to recognise your browser when you next visit the site.
We also use cookies on our website to analyse user behaviour. The user data collected in this way is pseudonymised by technical means. It is therefore no longer possible to assign the data to the accessing user. The data are not stored together with the user’s other personal data.
When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and are referred to this data privacy policy. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.
b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 Point (f) of the GDPR.
c) Purpose of data processing
The purpose of using such technically essential cookies is to make the website easier to use. Some features of our website will not be available if the use of cookies is disallowed. This is the reason why it is necessary that your browser remain recognisable as you (as a user) visit a different page in the website.
The user data collected by technically necessary cookies is not used to create user profiles.
The analysis cookies are used to improve the quality of our website and its content. By analysing cookies, we learn how the site is used and can constantly optimise our service.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Article 6 Paragraph 1 Point (f) of the GDPR.
d) Duration of storage, objection and removal option
Cookies are stored on the user’s computer and transmitted to our site. As a user, therefore, you retain full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies which have already been saved may be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that you will no longer be able to use all of its features.
VI. Rights of the data subject
Should your personal data be processed, you are a data subject within the meaning of the GDPR. As a consequence, you have the following rights vis-à-vis the data controller:
1. Right to information
You may request confirmation from the data controller as to whether we are processing or have processed personal data concerning you. If such is indeed the case, you can request the following information from the responsible entity:
(1) The purposes for which the personal data is being processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) How long the controller plans to store your personal data, or, if specific information in this respect is not possible, the controller’s criteria for determining the storage period;
(5) Any available information on the origin of the data if the personal data have not been collected from the person concerned.
You have the right to be informed as to whether your personal data will be transmitted to a third-party country or an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transmission.
2. Right to correction
You have a right to correct and/or add to the personal data held by the data controller if the personal data that relate to you are incorrect or incomplete. We (the data controller) are required to make the correction immediately.
3. Right to restriction of processing
You may ask for the processing of your personal data to be restricted under the following conditions:
(1) If you contest the accuracy of your personal data, for as long as it takes the data controller to verify their accuracy;
(2) If the processing is unlawful and you refuse to have the data deleted and instead wish to restrict their use;
(3) The data controller no longer needs the personal data for its purposes, but you need the data to be retained in order to establish, exercise, or defend legal claims; or
(4) If you have filed an objection to the processing pursuant to Article 21 Paragraph 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, then – apart from their storage – these data may only be processed with your consent or for the purposes of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State.
If the limitation of the processing has been restricted for any of the grounds listed above, you will be notified by the data controller before the restriction has been lifted.
4. Right to erasure (deletion)
a) Obligation to erase
You have the right to demand that the data controller erase your personal data, and the data controller must do so without delay if any of the following reasons applies:
(1) Your personal data are no longer necessary for the purposes for which they were originally collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Article 6 Paragraph 1 Point (a) or Article 9 Paragraph 2 Point (a) of the GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Article 21 Paragraph 2 of the GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data relating to you is required in order to comply with legal obligations according to EU law or national law of the Member States to which the data controller is subject.
(6) Your personal data has been collected in connection with services offered by an information company as per Article 8 Paragraph 1 of the GDPR.
b) Transfer of personal data to third parties
Where the party responsible has made the personal data public and is obliged to delete the personal data in accordance with Article 17 Paragraph 1 of the GDPR, the party shall take appropriate measures, including technical measures, taking into account the technology available and the implementation costs, to inform data processors of the personal data that a data subject has requested them to delete, including all links to such personal data or copies or replications of such personal data.
c) Exceptions
The right to erasure does not exist if processing is necessary
(1) To exercise the right to freedom of expression and information;
(2) To fulfil a legal obligation that requires processing under the law of the European Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
(3) For reasons of public interest in the field of public health pursuant to Article 9 Paragraph 2 Points (h) and (i) and Article 9 Paragraph 3 of the GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 Paragraph 1 of the GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing; or
(5) To assert, exercise, or defend legal claims.
5. The right to information
If you have asserted the right to rectification, erasure, or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed as to these recipients by the data controller.
6. Right to data portability
You have the right to obtain a copy of the personal data you have supplied to the data controller concerning you in a structured, commonly used, machine-readable format. Moreover, you have the right to transmit this data to another data controller without any obstruction from the data controller to whom the personal data has been given, if
(1) Processing is based on consent pursuant to Article 6 Paragraph 1 Point (a) of the GDPR or Article 9 Paragraph 2 Point (a) of the GDPR or on a contract pursuant to Article 6 Paragraph 1 Point (b) of the GDPR and
(2) Such processing is carried out using automated methods.
In exercising this right, you also have the right to have the data controller transfer your personal data directly to another data controller if this is technically feasible. This action must not affect the freedoms and rights of other persons.
The right to data portability does not apply to personal data processing that is required for the performance of a task that falls within the public interest or that occurs in the exercise of public authority that has been transferred to the data controller.
7. Right to object
You have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 Paragraph 1 Point (e) or (f) of the GDPR for reasons arising from your particular situation, including profiling based on these provisions.
The data controller will no longer process the personal data relating to you unless the data controller can prove a compelling, legitimate reason for this which outweighs your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to your data being processed for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object using an automated process involving the use of technical specifications.
You have the right to withdraw your declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
8. The right to file a legal complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State containing your residence, place of work, or the location of the supposed violation, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint is submitted informs the complainant about the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.
VII. Protection of data transmission
1. SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.