Data Privacy Statement
Name and contact of the controller under Article 4 (7) GDPR
+49 2521 88-0
Data protection officer
Security and protection of your personal data
We feel it is our foremost responsibility to guard the confidentiality of the personal data you have provided and protect them from unauthorised access. Therefore, we use the utmost care and up-to-date security standards to guarantee maximal protection of your personal data.
As a company governed by private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures which ensure that both we and our external service providers observe data protection provisions.
The legislature demands that personal data be processed legally, in good faith, and in a manner that is transparent for the data subject (“legality, processing in good faith, transparency”). To guarantee this will occur, we wish to inform you about the individual statutory definitions used in this data privacy statement:
“Personal data” means all information related to an identified or identifiable natural person (“data subject”). A natural person is deemed “identifiable” if they can be directly or indirectly identified, especially by allocating them to an identifier such as a name, ID number, location data, an online identifier, or to one or more particular characteristics which express this natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” means any operation executed with or without the help of automatic procedures, or any such series of operations in connection with personal data, such as collecting, recording, organising, filing, storing, adjusting or altering, reading, requesting, using, disclosing through transmission, dissemination or another form of provision, comparing or connecting, restricting, deleting or destroying such data.
Restriction of processing
“Restriction of processing” means marking stored personal data with the goal of restricting its processing in the future.
“Profiling” means any type of automatic processing of personal data in which those data are used to assess certain personal aspects related to a natural person, especially to analyse or predict aspects regarding their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, abode or change of location.
“Pseudonymisation” means processing personal data to prevent them from being linked to a specific data subject without drawing on additional information, provided this additional information is retained separately and is subject to technical and organisational measures which guarantee that the personal data cannot be allocated to an identified or identifiable natural person.
A “file system” means any structured collection of personal data which is accessible according to certain criteria, regardless of whether this collection is kept centrally or locally or arranged according to functional or geographic aspects.
“Controller” means a natural person or legal entity, government agency, institution or other agency which, alone or in conjunction with others, decides on the purpose and means of processing personal data. If the purpose and means of that processing are prescribed by the law of the European Union or its member states, those laws may also prescribe who the controller must be or the specific criteria according to which the controller must be named.
“Processor” means a natural person or legal entity, government agency, institution or other agency which processes personal data on behalf of the controller.
“Recipient” means a natural person or legal entity, government agency, institution or other agency to which personal data are disclosed, regardless of whether that recipient is a third party. However, authorities who obtain personal data due to a specific investigation mandate under the law of the European Union or its member states are not deemed recipients. The authorities named process that data according to applicable data protection provisions and the purpose of the processing.
“Third party” means a natural person or legal entity, government agency, institution or other agency, besides the data subject, the controller, the processor and the people for whom the controller or the processor are directly responsible, who are authorised to process the personal data.
“Consent” from the data subject means any expression of intent which is voluntarily and unmistakeably given for the case at hand, in an informed manner, in the form of a declaration of other unambiguous affirming action, with which the data subject makes understood that party agrees to the processing of the personal data concerning them.
Legality of processing
The processing of personal data is legal only if it has a legal basis. Under Article 6 (1) a–f GDPR, such legal bases are particularly constituted if:
- the data subject has consented to the processing of the personal data concerning them for one or more specific purposes;
- processing is necessary to fulfil a contract to which the data subject is party, or to execute pre-contractual measures on the data subject’s request;
- processing is necessary to fulfil a legal obligation to which the controller is subject;
- processing is necessary to protect vital interests of the data subject or another natural person;
- processing is necessary to carry out a task in the public interest or in the exercise of public authority vested in the controller;
- processing is necessary to guard the legitimate interests of the controller or a third party, unless this need is outweighed by the interests or basic rights and freedoms of the data subject which require that the personal data be protected, especially if the data subject is a child.
Information about the collection of personal data
(1) In the following, we will inform you about the collection of personal data when you use our website. Examples of personal data include?Name, address, email addresses, and user behaviour.
(2) If you contact us through email or a contact form, we will store the data you communicate (your email address and possibly your name and telephone number) to answer your questions. We will delete the data accumulated in this context as soon as storage is no longer necessary, or processing will be restricted if statutory retention requirements exist.
Collection of personal data when you visit our website
If you are using our website only for informational purposes and thus do not register or otherwise transmit information to us, we will collect only the personal data that your browser transmits to our server. If you would like to look at our website, we will collect the following data, which are technically necessary for us to show you our website and guarantee its stability and security (legal basis is Art. 6 (1) sentence 1 f GDPR):
- Date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (specific page)
- Access status / HTTP status code
- Data quantity transferred each time
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(1) In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive by the browser you use and which send certain information to the party who sent the cookies. Cookies cannot execute programmes or transmit viruses to your computer. They serve only to make the internet services more user-friendly and effective as a whole.
(2) This website uses the following types of cookies, whose scope and functionality is explained in the following:
- Transient Cookies (see a.)
- Persistent Cookies (see b.)
a. Transient Cookies are deleted automatically when you close your browser. They particularly include session cookies. These store what is known as a “session ID”, with which various requests of your browser can be allocated to the joint session. This lets us recognise your computer whenever you revisit our website. Session cookies are deleted when you log out or close your browser.
b. Persistent Cookies are deleted automatically after a specified period, which can differ according to the cookie. You can delete the cookies in your browser’s security settings at any time.
c. You can configure your browser settings accordingly, and, for?example, reject the acceptance of third-party cookies or all cookies. “Third-party cookies” are set by a third party—not by the actual website one is currently visiting. Please note that if you deactivate cookies you might not be able to use all this website’s functions.
Additional functions and services of our website
(1) Besides the purely informative use of our website, we offer various services which you can use if interested. To do so, you must usually provide additional personal data which we use to render the service in question and to which the aforementioned principles of data processing apply.
(2) We will sometimes use external service providers to process your data. We have selected and commissioned them carefully. They are bound by our instructions and are supervised periodically.
(3) We may also forward your personal data to third parties if we offer services in conjunction with partners, such as special offers, sweepstakes, and contract conclusions. You can obtain additional information by providing your personal data or reading the description below the offer.
(4) If our service provider or partner is domiciled in a state outside the European Economic Area (EEA), we will include any consequences this entails in the offer description.
(1) By providing your consent, you may subscribe to our newsletter to receive updates on services which may interest you. The advertised goods and services are named in the declaration of consent.
(2) When you register for our newsletter, we use a double opt-in procedure. This means that after you register, we will send you an email to the address provided. In that email, we will ask you to confirm that you wish to receive the newsletter. If you fail to confirm your registration within 24 hours, your information will be blocked, and deleted automatically after one month. And we always store the IP address you used, as well as the time of registration and confirmation. The purpose of the procedure is to verify your registration and clear up any possible misuse of your personal data.
(3) The only information we need to send the newsletter is your email address. The other, separately marked data is voluntary and will be used to address you personally. After you confirm, we will store your email address to send the newsletter. The legal basis is Art. 6 (1) sentence 1 a GDPR.
(4) You may always unsubscribe from the newsletter by withdrawing your consent to receive it. You may declare your withdrawal by clicking on the link included in every newsletter email, by sending an email to email@example.com or by sending a message to the contact data included in the Impressum (legal notice).
(5) Please note that when we send the newsletter we evaluate your user behaviour. For this evaluation, the emails we send contain web beacons or tracking pixels. These constitute one-pixel image files and are stored on our website. For the evaluations, we connect the web beacons and the data mentioned in § 3 with your email address and individual ID. The data will be collected only in pseudonymised form, so the IDs will not be connected with your other personal data, ruling out any chance for personal reference. You can always object to this tracking by clicking on the separate link provided in every email, or by informing us through another means of contact. We will store the information as long as you are subscribing to the newsletter. After you unsubscribe, we will store the data only in anonymised form for statistical purposes.
Our services are meant for adults. People under 18 should get permission from their parent or legal guardian before transmitting personal data to us.
Rights of the data subject
(1) Withdrawal of consent
If your personal data is being processed based on consent you have granted, you may always withdraw that consent. Withdrawing your consent will not affect the legality of processing that has already occurred based on your consent.
To exercise your right of withdrawal, you may contact us at any time.
(2) Right to confirmation
You have the right to demand confirmation from the controller about whether we are processing personal data about you. You may demand this confirmation at any time, at the contact data indicated above.
(3) Right of access to information
If personal data are being processed, you can always demand information about these data and about the following information:
- the purpose of processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom the personal data are or will be disclosed, especially if those recipients are located in third countries or international organisations;
- if possible, how long the personal data is planned to be stored, or if this is impossible, the criteria for ascertaining that period;
- the existence of a right to rectification or erasure of the personal data concerning you, or the restriction of the processing by the controller or a right of objection against this processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data are not collected from the data subject, all available data about the data’s origin;
- the existence of any automatic decision-making, including profiling pursuant to Article 22 (1 and 4) GDPR and—at least in these cases—meaningful information about the involved logic and implications and sought-after effects of such processing for the data subject.
If personal data are transmitted to a third country or international organisation, you have the right to be informed about the appropriate guarantees under Article 46 GDPR in connection with the transmission. We will provide you with one copy of the personal data which are the object of processing. For all additional copies you request, we may charge a reasonable fee based on the administrative costs. If the request is made electronically, the information must be provided in a commonly used electronic format unless otherwise stipulated. The right to obtain a copy pursuant to section 3 may not impair the rights and freedoms of other people.
(4) Right to rectification
You always have the right to demand that we rectify any incorrect personal data concerning you. Under consideration of the purpose of processing, you have the right to demand that incomplete personal data be completed, including by means of a supplementary declaration.
(5) Right to erasure (“right to be forgotten”)
You have the right to demand from the controller that the personal data concerning you be erased, and we are obligated to erase that data without undue delay for one of the following reasons:
- The personal data are no longer needed for the purposes for which they were collected or otherwise processed.
- The data subject withdraws their consent on which the processing under Article 6 (1) a or Article 9 (2) a GDPR is based, and there is no other legal basis for the processing.
- The data subject lodges a complaint against the processing under Article 21 (1) GDPR, and there are no overriding legitimate reasons for that processing, or the data subject lodges a complaint against the processing under Article 21 (2) GDPR.
- The personal data were processed illegally.
- The personal data must be erased to fulfil a legal obligation under EU or member state law to which the controller is subject.
- The personal data were collected in regard to services offered by the information society under Article 8 (1) GDPR.
If the controller has published the personal data and is obligated under paragraph 1 to erase them, the controller shall take reasonable measures, including technical ones, under consideration of available technology and implementation costs, to inform the controller for the data processing who processes the personal data that a data subject has demanded that they erase all links to those personal data or copies or replications thereof.
The right to erasure (“right to be forgotten”) does not exist if the processing is necessary:
- to exercise the right to information and free expression of opinion;
- to fulfil a legal obligation which requires the processing under EU or member state law to which the controller is subject, or to carry out a task in the public interest or in the exercise of public authority vested in the controller;
- for reasons of public interest in the area of public health under Article 9 (2) (h and i) and Article 9 (3) GDPR;
- for purposes of archiving, science or historical research which lie in the public interest, or for statistical purposes under Art. 89 (1) GDPR, insofar as the right mentioned in paragraph 1 is expected to prevent or seriously impair the realisation of this agreement’s objectives, or
- to assert, exercise or defend against legal claims.
(6) Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:
- if the data subject disputes that the personal data is correct, for a duration which enables the controller to check its correctness, die Richtigkeit der personenbezogenen Daten zu überprüfen,
- the processing is incorrect and the data subject waives their right to have the personal data erased, instead demanding that the data’s use be restricted;
- the controller of the personal data no longer needs them for the purposes of their processing, but the data subject needs them to assert, exercise or defend against legal claims, or
- the data subject has filed an objection against the processing under Article 21 (1) GDPR, provided it has not yet been established whether the legitimate reasons of the controller outweigh those of the data subject.
If the processing has been restricted, these personal data—regardless of their storage—may be processed only (1) with the data subject’s consent, (2) to assert, exercise or defend against legal claims, (3) to protect the rights of another natural person or legal entity, or (4) for reasons of an important public interest of the EU or a member state.
To exercise their right to restriction of processing, the data subject may contact us at any time using the contact data given above.
(7) Right to data portability
You have the right to receive these personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit these data to another controller without hindrance from the controller to which the personal data were provided, as long as:
- the processing is based on consent under Article 6 (1) a or Article 9 (2) a or on a contract under Article 6 (1) b GDPR and
- the processing occurs with the help of automated procedures.
In exercising this right of data portability under paragraph 1, you may also have the personal data transmitted directly from one controller to another, insofar as this is technically feasible. Exercising the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing which is necessary to carry out a task in the public interest or in the exercise of public authority vested in the controller.
(8) Right to object
You have the right to object at any time, for reasons arising from your particular situation, to personal data concerning you being processed based on Article 6 (1) e or f GDPR. This also applies to profiling based on these provisions. The controller shall no longer process the personal data unless that party can prove compulsory reasons for doing so that are worth protecting, which outweigh the data subjects’ interests, rights and freedoms, or the processing helps to assert, exercise or defend against legal claims.
If the personal data are processed for direct marketing purposes, you may object to that processing at any time. This also applies to any profiling connected to such direct marketing. If you object to having personal data processed for direct marketing purposes, this processing will be discontinued.
In connection with the use of information society services, you may exercise your right to object using an automatic procedure in which technical specifications are used (regardless of Directive 2002/58/EC).
You have the right, for reasons arising from your particular situation, to object to the processing of the personal data concerning you, which occurs for scientific or historical research purposes or for statistical purposes under Article 89 (1), unless that processing is necessary for a task in the public interest.
You may always contact the controller in question to exercise your right to object.
(9) Automatic decision-making in individual cases, including profiling
You have the right not to be subject to a decision based exclusively on automated processing—including profiling—which legally affects or otherwise significantly impairs you. This does not apply if that decision:
- is necessary to conclude or fulfil a contract between the data subject and the controller,
- is permitted under EU or member state law to which the controller is subject and which stipulates reasonable measures for guarding the data subject’s rights, freedoms and legitimate interests, or
- with the express consent of the data subject.
The controller shall take reasonable measures to guard the data subject’s rights, freedoms and legitimate interests, which must include at least the right to obtain human intervention on the part of the controller, to present the data subject’s own point of view, and to contest the decision.
The data subject may always exercise their right to object by contacting the controller in question.
(10) Right to complain to a supervisory authority
If the data subject believes that the processing of the personal data concerning them breaches the GDPR, they have the right to complain to a supervisory authority—especially in the member state of the data subject’s abode, workplace, or the place of the suspected breach—without prejudice to other administrative rights or judicial remedies.
(11) Right to effective legal remedy
Without prejudice to any available administrative right or judicial remedy, including the right to complain to a supervisory authority under Article 77 GDPR, the data subject has the right to an effective legal remedy if the data subject believes that the rights to which they are entitled under this directive have been breached because the processing of their personal data failed to comply with this directive.
Use of Google Analytics
(2) The IP address transmitted by your browser as part of Google Analytics will not be pooled with other Google data
(3) (3) You can prevent the cookies from being stored by adjusting your browser settings accordingly, but we must point out that if you do, you might not be able to use all of this website’s functions to their full extent. You can also prevent Google from recording and processing the data generated by the cookie which relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
(4) This website uses Google Analytics with the extension “anonymizeIP()”. This means that IP addresses will be further processed in truncated form, thus ruling out any direct connection to a specific person. If the collected data which concern you gain a personal reference, this will be ruled out immediately and the personal data will be erased without undue delay.
(5) We use Google Analytics to analyse the use of our website and improve it periodically. We can use the statistics we gain to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transmitted to the USA, Google participates in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 (1) sentence 1 f GDPR.
(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001.
Usage conditions: http://www.google.com/analytics/terms/en-GB.html, overview of data privacy: http://www.google.com/intl/en-GB/analytics/learn/privacy.html, as well as the data privacy statement: http://www.google.de/intl/en-GB/policies/privacy.
(7) This website also uses Google Analytics for a cross-device analysis of the influx of visitors, which is performed via a user ID. You can deactivate the cross-device analysis of your usage by going to your customer account under “My Data” > “Personal Data”.
Use of Google Web Fonts
For a uniform presentation of fonts, this website uses so-called Web Fonts which are provided by Google. When a page is retrieved, your browser loads the Web Fonts required into your browser cache in order to correctly display texts and fonts.
When Web Fonts are shown, the browser used by you must make a connection to the Google servers. As a result, Google gains knowledge of the fact that our website has been retrieved via your IP address. The use of Google Web Fonts is made in the interest of providing a uniform, attractive presentation of our website. This is a justified interest as defined in Article 6 (1), point f of the GDPR. If your browser does not support Web Fonts, a standard front is used by your computer.
Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
We use external service providers (processors) for such tasks as sending goods and newsletters or handling payments. A separate contract for commissioned data processing is concluded with the service provider to guarantee your personal data will be protected.
We cooperate with the following service providers:
- Google Analytics
- Teuto.net Netzdienste GmbH