Declaration of Data Protection
This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
Managing Directors: Andreas Hessenthaler, Bernd Kettemann
If you have any questions about the processing of your data, you can contact us as follows:
By letter: post to the address listed above, for the attention of the data protection officer.
By E-Mail: Contact Data Protection Officer
Types of Data Processed
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of Persons Affected:
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of the Processing
- Provision of the online offer, its functions and contents.
- Responding to contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
“Pseudonymisation” means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Responsible” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Data Officer” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the person responsible.
Relevant Legal Basis
In accordance with Article 13 of the GDPR, we will inform you of the legal basis for our data processing activities. If the legal basis is not mentioned in the privacy statement, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
We take appropriate technical and organisational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
Cooperation Between Data Officers and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of Affected Persons
You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.
In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request that it be transferred to other data processors.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of Withdrawal
You have the right to revoke any consent you have given in accordance with Art. 7 (3) DSGVO with effect for the future.
Right of Objection
You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.