Name and contact details of the person(s) responsible
Our responsible person(s) (hereinafter referred to as the „responsible person“) with regard to art. 4 no. 7 DS-GVO is
Commercial register/no.: HRB 98748
Court of registry: Local court Berlin
Data protection officer
Types of data, purposes of processing and categories of personal data
In the following, we inform you about the modalites, scope and purpose of the collection, processing and use of personal data.
- Types of data we process
Data on usage (access times, websites accessed, etc.), inventory data (name, address, etc.), contact data (telephone number, e-mail, fax, etc.), content data (text entries, videos, photos, etc.), communication data (IP address, etc.)
- Purposes of data processing according to art. 13, paragraph 1 c) DS-GVOB
Purpose of evidence/ preservation of evidence, technical and economic optimization of the website, easy access to the website, fulfilment of contractual obligations, contact in the event of legal complaints by third parties, fulfilment of legal storage obligations, optimization and statistical analysis of our services, support for commercial use of the website, improving the user`s experience, designing the website user-friendly, compiling statistics, determining copy probability of content, preventing SPAM and abuse, customer service and customer care, handling contact inquiries, providing websites with features and content, security measures, uninterrupted, secure operation of our website.
- Categories of data subjects according to art. 13 paragraph 1 e) DS-GVO
Visitors/users of the website, customers, suppliers, interested parties, employees, employees of customers or suppliers
The data subjects are collectively referred to as „users“.
Legal basis for the processing of personal data
In the following we inform you about the legal basis for the processing of personal data:
- If we have obtained your consent for the processing of personal data, art. 6 paragraph 1 sentence 1 lit. a) DS-GVO is the legal basis.
- If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken in response to your request, art. 6 paragraph 1 sentence 1 letter b) DS-GVO is the legal basis.
- If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. legal storage obligations), art. 6 paragraph 1 sentence 1 lit. c) DS-GVO is the legal basis.
- If the processing is necessary to protect vital interests of the data subject or another natural person, art. 6 paragraph 1 sentence 1 lit. d) DS-GVO is the legal basis.
- If the processing is necessary to protect our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, art. 6 paragraph 1 sentence 1 lit. f) DS-GVO is the legal basis.
Transfer of personal data to third parties and processors
Without your consent, we will not pass on any data to third parties. Should this be the case, however, the transfer will take place on the basis of the aforementioned legal bases, e.g. when data is passed on to online payment providers for the purpose of fulfilling a contract or due to a court order or due to a legal obligation to hand over the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use contract processors (external service providers e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processors within the framework of an agreement on order processing, this is always done in accordance with Art. 28 DS-GVO. We select our processors carefully, check them regularly and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken suitable technical and organizational measures and comply with the data protection regulations according to BDSG and DS-GVO
Data transfer to third countries
With the adoption of the European Data Protection Basic Regulation (DS-GVO), a uniform basis for data protection in Europe was created. Your data is therefore processed primarily by companies to which the DS-GVO applies. If, however, processing is carried out by services of third parties outside the European Union or the European Economic Area, they must comply with the special requirements of Art. 44 ff. DS-GVO. This means that the processing is carried out on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a level of data protection corresponding to that of the EU or in compliance with officially recognized special contractual obligations, the so-called „standard contractual clauses“. In the case of US companies, submission to the so-called „privacy shield“, the data protection agreement between the EU and the USA, fulfils these requirements.
Deletion of data and storage duration
Unless otherwise stated in this data protection declaration, your personal data will be deleted or blocked as soon as the consent granted for processing is revoked by you or the purpose for storing the data no longer applies or the data is no longer required for the purpose, unless its further storage is required for evidence purposes or this is opposed by statutory storage obligations. This includes, for example, commercial storage obligations for business letters according to § 257 para. 1 HGB (6 years) as well as tax storage obligations according to § 147 para. 1 AO of receipts (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.
Existence of an automated decision-making process
We do not use automatic decision-making or profiling.
Provision of our website and creation of log files
- If you use our website for informational purposes only (i.e. no registration or other transmission of information), we only collect the personal data that your browser sends to our server. When visiting our website, we collect the following data
– IP address;
– internet service provider of the user;
– date and time of access;
– browser type;
– language and browser version;
– content of the request;
– time zone;
– access status/HTTP status code;
– data volume;
– websites from which the request comes;
– operating system.
This data is not stored together with any of the user’s other personal data.
- This data serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
- The legal basis for this is our justified interest in data processing in accordance with art. 6 paragraph 1 s.1 lit. f) DS-GVO, which is also based on the above-mentioned purposes.
- For security reasons, we store this data in server log files for the storage period of 56 days. After this period, they are automatically deleted, unless we need to keep them for evidence in case of attacks on the server infrastructure or other legal violations.
- Data categories: User data, cookie, user ID (including the sites visited, device information, access times and IP addresses).
- Purposes of processing: The information obtained in this way serves the purpose of optimizing our web offers both technically and economically and to enable a more easy and secure access to our website.
- Legal basis: If we process your personal data with the help of cookies on the basis of your consent („opt-in“), then art. 6 paragraph 1 sentence 1 lit. a) DSGVO is the legal basis. Otherwise we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in this case art. 6 paragraph 1 sentence 1 lit. f) DS-GVO is the legal basis. In addition, the legal basis is art. 6 paragraph 1 sentence 1 lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. when placing an order.
- Objection and „Opt-Out“: You can generally prevent cookies from being stored on your hard drive, regardless of consent or legal permission, by selecting „do not accept cookies“ in your browser settings. However, this may result in a functional limitation of our offers. You can object to the use of third-party cookies for advertising purposes by means of a so-called „opt-out“ via this American website (https://optout.aboutads.info) or the European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Contact via contact form / e-mail / fax / mail
- If you contact us by contact form, fax, post or e-mail, your data will be processed for the purpose of processing your contact request.
- The legal basis for the processing of the data is art. 6 paragraph 1 sentence 1 lit. a) DS-GVO if you have given your consent. The legal basis for the processing of data transmitted in the course of a contact inquiry or e-mail, letter or fax is art. 6 paragraph 1 sentence 1 letter f) DS-GVO. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to respond to user inquiries, to secure evidence for liability reasons and, if necessary, to be able to comply with his or her legal obligations to retain business letters. If the purpose of the contact is the conclusion of a contract, an additional legal basis for the processing is art. 6 paragraph 1 sentence 1 lit. b) DS-GVO.
- We may store your information and contact request in our Customer Relationship Management system („CRM system“) or similar system.
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified. Inquiries from users who have an account or a contract with us will be stored for a period of two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiration: end of commercial law (6 years) and tax law (10 years) retention obligation.
- You have the option of withdrawing your consent to the processing of personal data in accordance with Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO at any time. If you contact us via e-mail, you can object to the storage of your personal data at any time.
Contact by phone
- When contacting us by phone, your phone number will be processed and temporarily stored or displayed in the RAM / cache of the phone device / display for the purpose of processing the contact request and its handling. The storage is done for liability and security reasons to be able to prove the call and for economic reasons to enable a call back. In case of unauthorized advertising calls, we block the phone numbers.
- The legal basis for the processing of the telephone number is art. 6 paragraph 1 sentence 1 lit. f) DS-GVO. If the aim of the contact is to conclude a contract, the additional legal basis for processing is art. 6 paragraph 1, lit. b) DS-GVO.
- The device cache stores the calls for 30 days and successively overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked phone numbers are checked annually for the necessity of blocking.
- You can prevent the phone number from being displayed by calling with the phone number suppressed.
Google AdWords with conversion tracking
- We use the service „Google Ads with Conversion Tracking“ (Service Provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to advertise third party websites by displaying ads on our website.
- Data categories and description of data processing: Usage of data/ communication data. When you click on a Google ad from us, a cookie is stored in your browser, which is valid for about 30 days. If you then visit our website, we and Google can use the cookie to evaluate whether you have visited our website and which of our pages you have visited. Google creates statistics about this. The data is also transferred to the USA and analyzed there. If you are logged in with a Google account, the data can be assigned to your account by AdWords. If you do not wish this to happen, you must log out before visiting our website.
- Purpose of data processing: This conversion tracking serves the purpose of analysis/success measurement, optimization and economic operation of our advertising and website.
- Legal basis: If you have given your consent („opt-in“) to the processing of your personal data by means of „Google Ads with conversion tracking“, then art. 6 (1) sentence 1 lit. a) DS-GVO is the legal basis. Otherwise, the legal basis for the processing of your data is our legitimate interest in the analysis, optimization and efficient economic operation of our advertising and website in accordance with art. 6 paragraph 1 sentence 1 lit. f) DS-GVO.
- Data transfer/recipient category: Google Ireland, USA; Google USA is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
- Storage period: up to 540 days.
- Opt-out and opt-in options: You can opt-out or prevent Google from installing cookies in several ways:- You can disable cookies in your browser by selecting the „do not accept cookies“ setting, which includes third-party cookies;- You can disable conversion tracking directly from Google by clicking on the https://adssettings.google.com link, but this setting will only persist until you delete your cookies.- You can disable the personalized ads of third party advertisers participating in the advertising self-regulation initiative „About Ads“ by clicking https://optout.aboutads.info for US sites or http://www.youronlinechoices.com/de/praferenzmanagement/ for EU sites, but only until you delete all your cookies;- You can disable cookies permanently by using a Chrome, Firefox or Internet Explorer browser plug-in at https://support.google.com/ads/answer/7395996. This deactivation may mean that you can no longer use all the functions of our website to their full extent.
- We have integrated maps from „Google Maps“ (provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
- Data category and description of data processing: usage data (e.g. IP, location, page accessed). With Google Maps, we can display the location of addresses and directions directly on our website on interactive maps and enable you to use this tool. When you call up our website, where Google Maps is integrated, a connection to the Google servers in the USA is established. Your IP and location can be transmitted to Google. Google also receives the information that you have called up the corresponding page. This is also done when you have no user account from Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimization of its websites.
- Purpose of processing: To provide a user-friendly, economical and optimized website.
- Legal basis: If you have given your consent („opt-in“) for the processing of your personal data using „Google Maps“ by the third-party provider, then art. 6 (1) sentence 1 lit. a) DS-GVO is the legal basis. The legal basis is also our legitimate interest in data processing for the above purposes in accordance with art. 6 paragraph 1sentence 1 lit. f) DS-GVO.
- Data transfer/recipient category: Third party providers in the USA. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework). This ensures that European data protection law is preserved.
- Storage period: Cookies up to 6 months or until you delete them. Otherwise as soon as they are no longer needed for processing purposes.
- Possibility of objection and removal: You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly via the data protection declaration below. You can make an opt-out objection regarding advertising cookies here in your Google account:
Presence in social media
- Data categories and description of data processing: data on usage, contact data, content data, inventory data. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the usage behavior and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users‘ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. Also, in the case of requests for information and the assertion of data subject rights, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the data of the users in each case and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.
- Purpose of the processing: Communication with the users connected and registered on the social networks; information and advertising for our products, offers and services; presentation and image cultivation; evaluation and analysis of the users and contents of our presence in the social media.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above-mentioned purposes in accordance with art. 6 paragraph 1sentence 1 lit. f) DS-GVO. If you have given us or the person responsible for the social network your consent to process your personal data, the legal basis is art. 6 paragraph 1 sentence 1 lit. a) in conjunction with art. 7 DS-GVO.
- Data transmission/recipient category: social network. When the US providers are certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework), it is ensured that European data protection law is complied with.
Rights of the data subject
- Objection or revocation against the processing of your data If the processing is based on your consent in accordance with art. 6 paragraph 1 sentence 1 lit. a), Art. 7 DS-GVO, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of your consent until revocation. If we base the processing of your personal data on the weighing of interests in accordance with art. 6 paragraph 1 sentence 1 lit. f) DS-GVO, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adapt the data processing or demonstrate you our compelling reasons for continuing the processing which are worthy of protection. You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can exercise the right of objection free of charge. You can inform us about your objection to advertising under the following contact details:
Dr. Ben J. Lipps, Christian von Volkmann
Commercial Register/No.: HRB 98748
Court of registry: Berlin District Court
E-Mail address: firstname.lastname@example.org
- Right to information
You have a right to information about your personal data stored with us in accordance with Art. 15 DS-GVO. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.
- Right to correction
You have a right to correct incorrect data or to complete correct data in accordance with art. 16 DS-GVO.
- Right to deletion
You have the right to delete your data stored with us in accordance with art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage conflict with this.
- Right to limitation
You have the right to request a limitation in the processing of your personal data if one of the conditions in art. 18, paragraph 1, letter a) to d) DS Block Exemption Regulation is fulfilled
:- if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;- if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;- if the controller no longer needs the personal data for the purposes of the processing, but you need them for the purposes of asserting, exercising or defending legal claims; or- if you object to the processing in accordance with Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
- Right to data transferability
You have a right to data transferability in accordance with Art. 20 DS-GVO, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or request that it be transferred to another responsible party.
- Right to appeal
You have a right to appeal to a supervisory authority. As a rule, you can refer to the supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement is committed.
In order to protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us and our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted in encrypted form via a secure SSL connection.