Privacy Statement of Hanse Haus GmbH

Data protection & cookies

We are very pleased about your interest in our company. Data protection is of particular importance for the management of Hanse Haus GmbH. The web pages of Hanse Haus GmbH may in principle be used without the provision of any personal data. However, if a data subject wishes to take advantage of our company’s special services through our website, the processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.

 

The processing of personal data such as the name, address, email address or telephone number of a data subject, always occurs in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to Hanse Haus GmbH. Through this privacy statement, our company seeks to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Moreover, this privacy statement informs data subjects about their rights.

 

As the controller, Hanse Haus GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, the transmission of data over the internet may generally have security gaps, which means that absolute protection cannot be guaranteed. For this reason, each data subject is free to submit personal data to us by alternative means, for example by telephone.

 

1. Definitions

The privacy statement of Hanse Haus GmbH is based on the terminology used by European legislative bodies in the adoption of the General Data Protection Regulation (GDPR). Our privacy statement should be easy to read and understand, both for the public as well as our customers and business partners. In order to ensure this, we would like to explain in advance the terminology used.

Among other things, we use the following terms in this privacy statement:

 

a) Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

 

c) Processing

Processing refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

d) Restriction of processing

Restriction of processing refers to the marking of stored personal data with the aim of limiting their processing in the future.

 

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to analyse or predict certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

g) Controller

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

h) Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

i) Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

 

j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

2. Name and address of the controller

The controller as defined in the General Data Protection Regulation, other applicable data protection legislation in the Member States of the European Union, and other provisions relating to data protection is:

Hanse Haus GmbH 
Ludwig-Weber-Straße 18
97789 Oberleichtersbach
Germany

Tel.: +49 9741 8080
Email: info@hanse-haus.de
Website: www.hanse-haus.de

 

3. Name and address of the data protection officer

The data protection officer of the entity responsible for data processing is:

enthus GmbH
Location Sennfeld 
Frau Ann-Christin Nitz
Felix-Wankel-Str. 4
D-97526 Sennfeld
Tel.: +49 9721 67594-553
E-Mail: datenschutz@hanse-haus.de 
 

Any data subject can contact our data protection officer at any time with any questions or suggestions relating to data protection.

 

4. Cookies

The web pages of Hanse Haus GmbH use cookies. Cookies are text files which are filed and stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of cookies. It consists of a string through which websites and servers can be assigned to the specific internet browser in which the cookie was saved. This allows visited websites and servers to distinguish the data subject’s browser from other internet browsers, which contain other cookies. A particular internet browser can be recognised and identified by the unique cookie ID.

Through the use of cookies, Hanse Haus GmbH can provide users of this website with more user-friendly services that would not be possible without the storage of cookies.

Through cookies, the information and offers on our website can be optimised for the benefit of the user. As already noted, cookies allow us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that implements cookies do not have to re-enter their login data every time they visit the website, since this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items which a customer has placed in the virtual shopping cart via a cookie.

By adjusting the settings of the internet browser being used, the data subject can at any time prevent our website storing cookies and thus permanently refuse the storage of cookies. Moreover, previously saved cookies can be deleted at any time with an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the storage of cookies in the internet browser being used, not all functions of our website may be fully usable.

 

5. Collection of general data and information

The website of Hanse Haus GmbH collects a set of general data and information every time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following can be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the sub-pages of our website accessed via an accessing system, (5) the date and time of access to the website, (6) Internet Protocol (IP) addresses, (7) the internet service provider of the accessing system, and (8) other similar data and information which may help protect our information technology systems from attacks.

When using this general data and information, Hanse Haus GmbH does not draw any conclusions about the data subject. This information is instead required in order to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and advertisement for it, (3) ensure the continued functioning of our information technology systems and the technology of our website, and (4) provide law enforcement agencies with the information necessary for prosecution in case of a cyber attack. This anonymously collected data and information are therefore statistically evaluated by Hanse Haus GmbH, with the aim of improving data protection and data security in our company. By doing so, we aim to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by data subjects.

 

6. Contact through the website

Due to legal provisions, the website of Hanse Haus GmbH contains information that enables quick electronic contact with our company and direct communication with us; this also includes a general address for so-called electronic mail (email address). If a data subject contacts the controller by email or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. This personal data will not be transferred to third parties.

 

7. Routine erasure and blocking of personal data

The controller shall process and store the personal data of data subjects only for the period necessary for achieving the purpose of the storage, or if required by the laws or regulations of European legislative bodies or other lawmakers to which the controller is subject.

If storage no longer serves its purpose or if the storage period prescribed by European legislative bodies or other competent lawmakers expires, personal data will be routinely blocked or erased in accordance with the statutory provisions.

 

8. Rights of the data subject

 

a) The right to confirmation

Every data subject has the right – granted by European legislative bodies – to require that a controller confirm whether personal data concerning him/her is being processed. If a data subject wishes to exercise this right of confirmation, he or she can contact an employee of the controller at any time.

 

b) The right to information

Any data subject affected by the processing of personal data shall have the right – granted by European legislative bodies – to obtain from the controller information on the personal data about him or her that is stored as well as a copy of that information – free of charge and at any time. Furthermore, European legislative bodies have stipulated that the following information shall be provided to the data subject:

  • the aims of the data processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data has been disclosed or are still being disclosed, particularly where the recipients are in third countries or international organisations
  • if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining this duration
  • the existence of a right to rectification or erasure of the personal data concerning them, or a right to the limitation of processing by the controller, or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if personal data are not collected from the data subject: all available information about the origin of the data
  • the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR, as well as – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

Moreover, the data subject has a right to information on whether personal data has been transmitted to a third country or an international organisation. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, he or she can contact an employee of the controller at any time.

 

c) The right to correction

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to demand the immediate correction of incorrect personal data concerning him or her. Furthermore, the data subject has the right to demand the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right to correction, he or she can contact an employee of the controller at any time.

 

d) The right to erasure (the right to be forgotten)

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to demand that the controller immediately erase the personal data concerning him or her, provided that one of the following reasons applies and the processing is not necessary:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • The data subject revokes the consent on which the processing was based in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding, justified reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) of the GDPR.
  • The personal data were processed unlawfully.
  • The erasure of personal data is necessary to fulfil a legal obligation under Union law or the laws of Member States to which the controller is subject.
  • The personal data were collected in relation to information society services offered in accordance with Art. 8 para. 1 of the GDPR.

If one of the above reasons is applicable and a data subject wishes to arrange for the erasure of personal data stored by Hanse Haus GmbH, he or she can contact an employee of the controller responsible for the processing at any time. The employee of Hanse Haus GmbH will arrange to have the demand for deletion fulfilled immediately.

If the personal data have been made public by Hanse Haus GmbH and if our company is the controller responsible for erasing personal data pursuant to Art. 17 para. 1 of the GDPR, Hanse Haus GmbH shall – taking into consideration the available technology and implementation costs – take appropriate measures, including technical ones, to inform other controllers who process the published personal data that the data subject has demanded that the latter controllers erase all links to this personal data or copies or duplicates of such personal data, provided that the processing is not required. The employee of Hanse Haus GmbH will make arrangements for the necessary steps in individual cases.

 

e) The right to the restriction of processing

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to demand that the controller restrict the processing, provided that one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject for a period of time that enables the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject rejects the erasure of the personal data and instead demands that the use of the personal data be restricted.
  • The controller no longer requires the personal data for processing purposes, but the data subject requires them to assert, exercise or defend legal claims.
  • The data subject has objected to the processing pursuant to Art. 21 para. 1 of the GDPR, and it is not yet clear whether the justifiable reasons of the controller outweigh those of the data subject.

If one of the above-mentioned conditions applies and a data subject wishes to restrict the personal data stored by Hanse Haus GmbH, he or she can contact an employee of the controller responsible for the processing at any time. The employee of Hanse Haus GmbH will arrange to have the processing restricted.

 

f) The right to data portability

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to receive the personal data relating to him or her, which were provided by the data subject to a controller, in a structured, common and machine-readable format. He or she also has the right to transfer these data to another controller without hindrance by the controller to whom the personal data were provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR, or Art. 9 (2) (a) of the GDPR, or on a contract pursuant to Article 6 (1) (b) of the GDPR, and the processing takes place by automated means, and the processing is not necessary for performing a task carried out in the public interest or is carried out in the exercise of official authority vested in the controller.

Furthermore, in exercising the right to data portability under Article 20 (1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, provided that this is technically feasible and the rights and freedoms of others are not impaired.

To assert the right to data portability, the data subject can contact an employee of Hanse Haus GmbH at any time.

 

g) The right to objection

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to object at any time to the processing of personal data concerning him or her that is carried out pursuant to Art. 6 (1) (e) or (f) of the GDPR, for reasons arising from particular circumstances. This also applies to profiling based on these provisions.

In the event of an objection, Hanse Haus GmbH will no longer process personal data unless we can prove compelling reasons for processing that outweigh the interests, rights and freedoms of the data subject, or if the processing serves the assertion, exercise or defence of legal claims.

If Hanse Haus GmbH processes personal data in order to conduct direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is associated with such direct advertising. If the data subject objects to Hanse Haus GmbH processing his or her data for direct advertising purposes, Hanse Haus GmbH will no longer process the personal data for these purposes.

Moreover, the data subject has the right, for reasons arising from his/her particular situation, to object to the processing of personal data concerning him or her which is carried out by Hanse Haus GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 of the GDPR, unless such processing is necessary to fulfil a task in the public interest.

To assert the right to objection, the data subject can directly contact any employee of Hanse Haus GmbH or another employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to objection by means of automated procedures making use of technical processing.

 

h) Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data shall have the right, granted by European legislative bodies, not to be subject to decisions based solely on automated processing, including profiling, which have a legal effect on him or her or similarly impair him or her considerably, unless the decision (1) is necessary for the conclusion or fulfilment of a contract between the data subject and the controller; or (2) is permitted by Union or Member State legislation to which the controller is subject, and this legislation provides for appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or (3) is made with the express consent of the data subject.

If a decision (1) is required for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is taken with the express consent of the data subject, Hanse Haus GmbH shall undertake appropriate measures to safeguard the rights, liberties and legitimate interests of the data subject, including at least the right to obtain the intervention of a person on behalf of the controller, to express his/her own position and to contest the decision.

If a data subject wishes to exercise rights relating to automated decisions, he or she can contact an employee of the controller at any time.

 

i) The right to revoke consent relating to data protection laws

Any data subject affected by the processing of personal data has the right – granted by European legislative bodies – to revoke consent to the processing of personal data at any time.

If a data subject wishes to exercise his or her right to revoke consent, he or she can contact an employee of the controller at any time.

 

9. Data protection for job applications and in the job application process

The controller collects and processes the personal data of job applicants for the purpose of processing the applications. The processing can also be done electronically. This is particularly the case if an applicant submits application documents to the controller by electronic means, for example by email or through a web form available on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for employment purposes in accordance with the law. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the announcement of the rejection decision, provided that deletion does not prejudice any other legitimate interests of the controller. Another legitimate interest in this sense would be, for example, a burden of proof in a procedure under the General Act on Equal Treatment (AGG).

 

10. Data protection policy on the use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an internet-based social meeting place, an online community that usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for sharing views and experiences, or allows the internet community to provide personal information or information pertaining to a business. Among other things, Facebook allows users of this social network to create private profiles, upload photos and network via friend requests.

Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the US or Canada, the controller responsible for processing personal data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time one of the pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, is accessed, the respective Facebook component causes the internet browser on the information technology system of the data subject to automatically download a representation of the relevant Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information on the sub-pages of our website visited by the data subject.

If the data subject is simultaneously logged in to Facebook, Facebook will recognise the specific sub-pages of our website visited by the data subject with each visit to our website by the data subject and for the entire duration of the visit to our website. This information is collected by the Facebook component and assigned by Facebook to the data subject’s Facebook account. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the data subject’s personal Facebook account and saves this personal data.

Facebook always receives information through the Facebook component that the data subject has visited our website if the data subject is simultaneously logged in to Facebook at the time of accessing our website; this happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish to have this information transmitted to Facebook, he or she can prevent this by logging out of his/her Facebook account before accessing our website.

Facebook’s privacy policy, available at: https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available which make it possible to hinder the transmission of data to Facebook. Such applications can be used by the data subject to hinder data transmission to Facebook.

11. Data protection policy for the use of Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analytics is the elicitation, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analytics service collects data on the website from which a data subject has come to a website (so-called referrers), on the sub-pages of the website which were accessed, and how often a sub-page was viewed and the duration of this viewing. Web analytics are primarily used to optimise a website and conduct a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the suffix “_gat._anonymizeIp” for web analytics via Google Analytics. With this addition, Google shortens and anonymises the IP address of the data subject’s internet connection, if our web pages are accessed from a Member State of the European Union or from another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, in order to compile for us online reports showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject’s information technology system. What cookies are has already been explained above. By placing this cookie, Google can analyse the usage of our website. Every time one of the pages of this website, which is operated by the controller and into which a Google Analytics component has been integrated, is accessed, the respective Google Analytics component automatically causes the internet browser on the information technology system of the data subject to transmit data to Google for the purpose of online analysis. As part of this technical process, Google receives information about personal data such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and to subsequently enable commission settlements.

By means of the cookie, personal information such as the accessing time, the location from which a website was accessed and the frequency of site visits by the data subject are stored. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through this technical process to third parties.

The data subject can prevent the storage of cookies by our website, as described above, at any time by adjusting the settings of the internet browser used and thus permanently refuse the storage of cookies. This adjustment to the settings of the internet browser being used would also prevent Google from storing a cookie on the information technology system of the data subject. Moreover, cookies already stored by Google Analytics can be deleted at any time through the internet browser or other software programs.

Furthermore, the data subject may object to and prevent the collection of data generated by Google Analytics and related to the use of this website, and the processing of this data by Google. To do this, the data subject must download and install a browser add-on at: https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics through JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject’s information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person within his/her sphere of influence, the browser add-on can be reinstalled or enabled once again.

This website uses the demographics feature of Google Analytics. Through this, reports can be produced that contain information on the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and from third-party visitor data. This data cannot be assigned to a specific person. You can disable this feature at any time through the ad settings in your Google Account, or generally prohibit the collection of your data by Google Analytics as described in the section “Objecting to data collection”.

Additional information and Google’s applicable privacy policy can be found at https://www.google.com/intl/en/policies/privacy/, and at www.google.com/analytics/terms.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/en_en/analytics/.

12. Data protection policy on the use of Google AdWords

The controller has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to place advertisements in both Google’s search engine results and in the Google Display Network. Google AdWords allows advertisers to predetermine keywords that will display an advertisement in Google’s search engine results only when the user accesses a keyword-related search result through the search engine. In the Google Display Network, advertisements are distributed to topic-relevant websites using an automated algorithm and according to previously defined keywords.

The operating company of Google AdWords services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine, and by displaying third-party advertisements on our website.

If a data subject accesses our website through a Google ad, Google stores a so-called conversion cookie on the data subject’s information technology system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. Provided that it has not yet expired, the conversion cookie allows for an understanding of whether certain sub-pages, such as the shopping cart of an online shop system, were accessed on our website. The conversion cookie informs both us and Google whether a data subject who came to our website through an AdWords ad generated revenue, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visitor statistics for our website. These visitor statistics are then used by us to determine the total number of users who were sent to us through AdWords ads, in other words to determine the success or failure of particular AdWords ads and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google which allows data subjects to be identified.

Through the conversion cookie, personal information, such as the websites visited by a data subject, is stored. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through this technical process to third parties.

The data subject can prevent the storage of cookies by our website, as described above, at any time by adjusting the settings of the internet browser used and thus permanently refuse the storage of cookies. This adjustment to the settings of the internet browser being used would also prevent Google from storing a conversion cookie on the information technology system of the data subject. Moreover, cookies already stored by Google AdWords can be deleted at any time through the internet browser or other software programs.

Furthermore, the data subject can object to Google’s interest-based advertising. In order to do this, the data subject must access the link www.google.com/settings/ads from each of the internet browsers he or she uses and adjust the desired settings there.

Further information and Google’s applicable privacy policy can be found at https://www.google.com/intl/en/policies/privacy/.

 

12.1 Data protection provisions about the application and use of the Google Marketing Platform

We use the Google Marketing Platform of the operator Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland. Google Marketing Platform uses cookies to deliver ads relevant to users. A pseudonymous identification number (ID) is assigned to the browser or device to check which ads have been displayed and which have been clicked. This can improve the performance of your campaigns or, for example, prevent the same ad from appearing more than once.

Google can also use cookie IDs to collect so-called conversions related to ad requests. This happens, for example, when users see an advertisement, later call up our website in the same browser and fill out a contact form there. According to Google, the cookies do not contain any personal information. With the consent of the user, the processing of the data takes place in accordance with Art. 6 para. 1 lit. a GDPR.

The user's browser automatically connects directly to the Google server. We have no influence on the scope and further use of the data collected by the Google Marketing Platform. To the best of our knowledge, Google receives the information that users clicked on one of our ads or accessed a certain area of our website. If users are registered with a Google service, Google can assign the action to an account. Even if users are not registered with Google or are not logged in, it is possible that the IP address is determined and stored.

With the use of the Google Marketing Platform, personal data is transferred to Ireland and the USA, so additional protection mechanisms are necessary to ensure the level of data protection of the GDPR. For this purpose, Google uses standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR, which oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. However, this does not preclude the possibility that, among others, government authorities in the US may have the right to access data without effective remedies being available.

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as they are no longer needed for the stated processing purposes. The lifespan of the Google Marketing Platform cookie is up to two years. Once the lifetime of a cookie has expired, it is automatically deleted by the browser. All shared data is stored for nine months.

Further information on the Google Marketing Platform can be found at marketingplatform.google.com/about/. Further information and the applicable data protection regulations of Google can be found at www.google.de/intl/de/policies/privacy. The consent can be revoked on all domains via the following link: safety.google/privacy/privacy-controls/.

 

13. Data protection policy for the use of Instagram

The controller has integrated components of the service Instagram into this website. Instagram is a service that can be described as an audiovisual platform allowing users to share photos and videos, as well as redistribute such data in other social networks.

The operating company of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time one of the pages of this website, which is operated by the controller and into which an Instagram component (Insta-button) has been integrated, is accessed, the respective Instagram component automatically causes the internet browser on the information technology system of the data subject to download a representation of the relevant Instagram component. As part of this technical process, Instagram receives information on the sub-pages of our website visited by the data subject.

If the data subject is simultaneously logged in to Instagram, with each visit to our website by the data subject and during the entire duration of the accessing of our website, Instagram recognises the specific sub-pages of our website visited by the data subject. This information is collected by the Instagram component and assigned by Instagram to the data subject’s Instagram account. If the data subject clicks on one of the Instagram buttons integrated into our website, the data and information transmitted by this action are assigned to the data subject’s personal Instagram account and are saved and processed by Instagram.

Instagram always receives information through the Instagram component that the data subject has visited our website, if the data subject is simultaneously logged in to Instagram at the time of accessing our website; this happens regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not wish to have this information transmitted to Instagram, he or she can prevent this by logging out of his/her Instagram account before accessing our website.

Further information and Instagram’s applicable privacy policy can be found at: https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

14. Data protection policy for the use of Pinterest

The controller has integrated components of Pinterest Inc. into this website. Pinterest is a so-called social network. A social network is an internet-based social meeting place, an online community that usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for sharing views and experiences, or allows the internet community to provide personal information or information pertaining to a business. Among other things, Pinterest enables users of the social network to publish picture collections, individual pictures and descriptions on virtual pinboards (so-called pinning), which in turn can be shared by other users (so-called repinning) or commented on.

Pinterest’s operating company is Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA.

Every time one of the pages of this website, which is operated by the controller and into which a Pinterest component (Pinterest plug-in) has been integrated, is accessed, the respective Pinterest component automatically causes the internet browser on the information technology system of the data subject to download a representation of the relevant Pinterest component. More information about Pinterest is available at pinterest.com. As part of this technical process, Pinterest receives information on the sub-pages of our website visited by the data subject.

If the data subject is simultaneously logged in to Pinterest, with each visit to our website by the data subject and during the entire duration of the accessing of our website, Pinterest recognises the specific sub-pages of our website visited by the data subject. This information is collected by the Pinterest component and assigned by Pinterest to the data subject’s Pinterest account. If the data subject clicks on one of the Pinterest buttons integrated on our website, Pinterest assigns this information to the data subject’s personal Pinterest account and saves these personal data.

Pinterest always receives information through the Pinterest component that the data subject has visited our website, if the data subject is simultaneously logged in to Pinterest at the time of accessing our website; this happens regardless of whether the data subject clicks on the Pinterest component or not. If the data subject does not wish to have this information transferred to Pinterest, he or she can prevent it by logging out of his/her Pinterest account before visiting our website.

Pinterest’s privacy policy, available at: https://about.pinterest.com/privacy-policy, provides information on the collection, processing and use of personal data by Pinterest.

 

15. Privacy policy on the use of Twitter

The controller has integrated Twitter components into this website. Twitter is a multilingual, publicly accessible microblogging service where users can post and distribute so-called tweets, which are short messages limited to 280 characters. These short messages are available to anyone, including people who have not registered with Twitter. The tweets are also shown to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also allows you to address a broad audience through hashtags, links or retweets.

Twitter’s operating company is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Every time one of the pages of this website, which is operated by the controller and into which a Twitter component (Twitter button) has been integrated, is accessed, the respective Twitter component automatically causes the internet browser on the information technology system of the data subject to download a representation of the relevant Twitter component. More information on Twitter buttons is available at: https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter receives information on the sub-pages of our website visited by the data subject. The purpose of integrating the Twitter component is to enable our users to redistribute the contents of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is simultaneously logged in to Twitter, with each visit to our website by the data subject and during the entire duration of the accessing of our website, Twitter recognises the specific sub-pages of our website visited by the data subject. This information is collected by the Twitter components and assigned by Twitter to the data subject’s Twitter account. If the data subject clicks on one of the Twitter buttons integrated into our website, Twitter assigns this information to the data subject’s personal Twitter account and saves and processes this personal data.

Twitter always receives information through the Twitter component that the data subject has visited our website, if the data subject is simultaneously logged in to Twitter at the time of accessing our website; this happens regardless of whether the data subject clicks on the Twitter component or not. If such a transfer of this information to Twitter is not desired by the data subject, he or she can prevent it by logging out of his/her Twitter account before visiting our website.

Twitter’s applicable privacy policy is available at: https://twitter.com/privacy?lang=en.

 

16. Privacy policy for the use of YouTube

The controller has integrated YouTube components into this website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge, as well as users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, so that complete film and television broadcasts, as well as music videos, trailers, and user-made videos can be viewed via the internet portal.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Every time one of the pages of this website, which is operated by the controller and into which a YouTube component (YouTube video) has been integrated, is accessed, the respective YouTube component automatically causes the internet browser on the information technology system of the data subject to download a representation of the relevant YouTube component. More information about YouTube can be found at: https://www.youtube.com/intl/en-GB/yt/about/. As part of this technical process, YouTube and Google receive information on the sub-pages of our website visited by the data subject.

If the data subject is simultaneously logged in to YouTube, the accessing of a sub-page containing a YouTube video allows YouTube to recognise the specific sub-page of our website visited by the data subject. This information is collected by YouTube and Google and matched with the data subject’s YouTube account.

YouTube and Google always receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged in to YouTube when accessing our website; this happens regardless of whether the person clicks on a YouTube video or not. If a data subject does not wish to have such information passed on to YouTube and Google, he or she may prevent the transmission by logging out of his/her YouTube account before visiting our website.

YouTube’s privacy policy, available at: https://www.google.com/intl/en/policies/privacy/, provides information on the collection, processing and use of personal data by YouTube and Google.

 

17. The legal basis for data processing

Art. 6 I lit. a of the GDPR serves as the legal basis for our company’s data processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfil a contract to which the data subject is a party, as is the case e.g. in data processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing shall be based on Art. 6 (I) (b) of the GDPR. The same applies to data processing operations necessary for carrying out pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing shall be based on Art. 6 (I) (c) of the GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his or her name, age, health insurance data or other vital information would have to be given to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (I) (d) of the GDPR. Ultimately, data processing operations could be based on Art. 6 (I) (f) of the GDPR. Data processing operations which are not covered by any of the previously mentioned legal bases are justified by this legal basis if the processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail. We are permitted to perform such data processing operations because they have been specifically mentioned by the European legislative bodies. They considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 of the GDPR).

 

18. Legitimate interests in data processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 (I) (f) of the GDPR, our legitimate interest is the conducting of our business activities for the benefit of all of our employees and shareholders.

 

19. Duration for which personal data is stored

The criterion for the duration of storing personal data is the respective statutory retention period. After the period is over, the corresponding data will be routinely deleted if they are no longer required for fulfilling a contract or to initiate a contract.

 

20. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is in part required by law (e.g. tax regulations) or may result from contractual arrangements (e.g. information on the contracting party). Sometimes it may be necessary for the conclusion of a contract that a data subject provides us with personal data which must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our company concludes a contract with him or her. Failure to provide personal data would make it impossible to conclude a contract with the data subject. Before the data subject provides personal data, he or she must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required, whether it is required for the conclusion of a contract, whether there is an obligation to provide personal data, and what consequences the failure to provide personal data would have.

 

21. Existence of automated decision-making

As a responsible company, we refrain from automatic decision-making or profiling.