General Data Protection Regulation (GDPR)
The use of our public online offer does not require any personal data, and there is no obligation to provide personal data.
We adhere to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
Definition of Terms
"Personal data" (herein referred to as "data") are all information relating to an identified or identifiable individual person (herein referred to as "person concerned"). An individual person is regarded as identifiable if this person can be directly or indirectly identified using an identifier such as a name, an identification number, location data, online identifiers (e.g. cookies) or using one or several special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this individual person.
"Processing" means any executed procedure or sequence of procedures that may or may not use automated techniques connected to personal data. Processing is an all-encompassing term to include any handling of data.
"Person responsible" means the individual or legal person, authority, institution or other body deciding alone or together with others about the purpose and tools of the processing of personal data.
c/o Claudia Mund
Data security official
Kontakt per E-Mail: firstname.lastname@example.org
Types of processed data
- master data (e.g. names, addresses)
- contact data (e.g. e-mail, phone numbers)
- content data (e.g. text input)
- meta-/communication data (e.g. information about devices, IP addresses)
Categories of persons concerned
- visitors and users of our online offer (hereinafter referred to as "users")
Purpose of processing
- providing our online offer, its functions and content
- answering contact requests and communication with users
- security measures
Relevant legislative basis
In the following we notify you of the relevant legislative basis of our data processing according to requirements of art. 13 GDPR. The following applies unless stated differently in this data privacy notice:
Legal basis for obtaining consents are GDPR art. 6, sect. 1, lit. a and art. 7, legal basis for processing of data to provide our services, for processing contractual measures and for answering inquiries is GDPR art. 6 sect. 1 lit. b, legislative basis for processing for fulfilling our legal obligations is GDPR art. 6 sect. 1 lit. c, and the legislative basis for processing to protect our legitimate interests GDPR art. 6 sect. 1 lit. f. GDPR art. 6 abs. 1 lit. d is the legislative basis if essential interests of persons concerned or of other natural persons make it neccessary to process personal data.
Transmission to Third Party Countries
No processing of data is carried out into third party countries (i.e. outside the European Union (EU) or outside the European Economic Area (EEA)).
Rights of Persons Concerned
According to GDPR art. 15, you have the right to demand a confirmation whether data concerned is processed and to be informed about this data and to demand further information and to demand a copy of these data according to GDPR art. 15.
According to GDPR art. 16, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
According to the requirement of GDPR art. 17, you have the right to request that data concerned will be deleted immediately or alternatively according to the requirement of GDPR art. 18, you have the right to request a restriction of the processing of this data.
According to requirement GDPR art. 20 you have the right to request the delivery of data concerning you provided to us by you and to request the transmission of this data to other parties responsible.
Furthermore, you have the right according to GDPR art. 77 to file a complaint with the surveillance authority responsible.
Right of Rescission
You have the right to withdraw granted consent according to GDPR art. 7 sect. 3 with future effect.
Right of Objection
According to GDPR art. 21 you may object at any time to your personal data being processed in the future.
Deletion of Data
All data we process will be deleted or restricted in processing according to GDPR art. 17 and 18. Unless stated differently in this privacy statement, all recorded data will be deleted as soon as they are no longer needed for the purposes they were collected for unless such deletion is not possible due to statutory retention requirements.
If data are not deleted because they are needed for other purposes permitted by law, their processing will be restricted, i.e. the data will be blocked and not processed for other purposes.
Contact Opportunity via Website
Our online offer contains information allowing to contact us by email. If you contact us by email, your voluntarily transmitted data will be processed for contacting you or for responding to your request. After fulfilling your request, this data will be deleted. Only on your request these data will be passed on to third parties.
Cooperation with Processors and Third Parties
If we disclose or transfer data, or grant access of data to other persons or enterprises in context of processing your request, we will do so only based on a statutory permit (e.g. if a transfer of data to third parties according GDPR art. 6 sect. 1 lit. b is neccessary to fulfill the contract), if you consented, if this is requested by a law or based on our legitimate interests (e.g. in the use of agents, web hosts, etc.)
If we entrust third parties with processing data based on a so called "order processing agreement", we will do so fully respecting GDPR art. 28.
We use hosting services providing the following services to operate our online offer: infrastructure and platform services, computing capacity, memory capacity, data bank services, security services, and technical maintenance support.
In context of these hosting services we or our hosting provider will process meta or communication data of users of our online offer based on our legitimate interests to provide this online offer in an efficient and secure way according GDPR art. 6 sect. 1 lit. f and art. 28.
Collecting of Access Dates and Log Files
We or our hosting providers will collect data on every access to the server hosting this online service (so called server log files) based on our legitimate interests as defined in GDPR art. 6 sect. 1 lit. f. Among these access data are the name of the website retrieved, file, date and time of retrieval, amount of data transferred, report of successful retrieval, type and version of browser, user's systems software, referrer URL (website visited before), IP address and requesting provider.
Log file information will be retained for a maximum of 31 days for security reasons (e.g. investigation of criminal acts) and deleted thereafter. If data is needed for later evidence this data will only be deleted after the according incident is fully cleared.
We can use temporary and permanent cookies. "Cookies" mean small files being stored on the user's computers. In these cookies various information can be stored. Main purpose of a cookie is to retain information about a user (or the device in which the cookie is stored) while or after visiting our online offer.
Temporary cookies (or session cookies or transient cookies) are cookies that will be deleted after users leave our online offer and close their browser. Such a cookie will store e.g. a login status.
Permanent cookies are cookies that will be retained after closing the browser. Such a cookie will store e.g. a repeated login status if users return to our website on several days.
If users don't want cookies to be stored on their computers they are asked to deactivate this option in their browser's settings. All stored cookies can be deleted in browser's settings. If you decline cookies, functional restrictions of our online offer may result.
Connections to Social Media, external Online Presences
There are no other links to social media in our online offer.
We do not use any analysis tools (e.g. Google Analytics) for our online offer.
Internet Advertising and Affiliate Marketing
We do not participate in any advertising activities (e.g. Google AdWords ) or any affiliate marketing programs (e.g. DoubleClick).
Automated Data Evaluation
We do not carry out any automated decision making or profiling based on data collected from persons concerned.