I. Name and address of the party responsible
The party responsible as defined by the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations is:
Phone: +49 (0) 94 21 / 92 75 – 0
II. Name and address of the data protection officer
The data protection officer of the responsible party is:
Innere Passauer Str. 2
Phone: +49 9421/869 9989
III. General information about data processing
- Scope of the processing of personal data
In general, we process the personal data of our users only to the extent to which it is required for the provision of a functional website as well as our contents and services. The personal data of our users are generally processed only with the consent of the user. An exception applies in such cases in which it is not possible to obtain consent beforehand for factual reasons and in which the legal provision permits the processing of data.
- Legal basis for the processing of personal data Section. 6 Para. 1 lit.a EU General Data Protection Regulation (GDPR) will form the legal basis for obtaining the consent of the person concerned for the processing of personal data. Section. 6 Para. 1 lit.b GDPR will form the legal basis for the processing of personal data required for performing a contract whose contractual party is the person concerned. This also applies to the processing required to perform precontractual measures. Section 6 Para. 1 lit.c GDPR will form the legal basis if the processing of personal data is required for fulfilling a legal obligation of our company. Section 6 Abs.1 lit.d GDPR will form the legal basis in case that the vital interests of the person concerned or of another individual will require the processing of personal data. If the processing is required to protect a legitimate interest of our company or a third party and if the interests, basic rights and fundamental freedoms of the affected person do not outweigh the first-mentioned interest, then Section 6 Para. 1 lit.f GDPR will form the legal basis for the processing.
- Deletion of data and storage period The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage becomes obsolete. In addition, Data will be stored if this has been intended by the European or national lawmakers in union regulations, laws or other provisions that the responsible party is subject to. The data will also be deleted or blocked if a required storage period expires according to the mentioned standards unless the continued storage of the data is required for the conclusion of a contract or the performance of a contract.
IV. Provision of the website creation of log files
- Description and scope of the data processing
Every time our website is visited, our system will automatically collect data and information from the computer system of the retrieving computer.
The following data are collected:
- Information about the type of browser and its version• The operating system of the user
• The IP address of the user
• Date, duration and time of day of access
• Website from which the system of the user arrives on our websiteThe data are also saved in the log files of our system. These data together with other personal data of the user are not saved.
- Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Section .6 Para.1 lit.f GDPR.
- Purpose of the data processing
Data are saved in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. The data are not evaluated for marketing purposes in this context.These purposes are in our legitimate interests in the processing of data according to Section 6 Para .1 lit.f GDPR.
- Duration of the storage
No more than seven days when data are saved in log files. Storage beyond that time frame is possible. In this case, the IP addresses of the users are anonymised so that an assignment of the visiting client is no longer possible.
- Option to object and delete
The collection of the data for the provision of the website and the storage of the data in log file is necessary for the operation of the website. The use has therefore no option to object.
a) Description and scope of the data processing
The following data are saved and transmitted in the cookies:
- Language cookie
- Tracking cookies from Matomo
The user data collected in this way are pseudonymised by taking technical measures. An assignment of the data to the visiting user is therefore no longer possible. The data will not be saved together with other personal data of the user.
b) Legal basis for the data processing
Section 6 Para. 1 lit.f GDPR forms the legal basis for the processing of personal data using technically required cookies.
Section 6 Para. 1 lit.a GDPR forms the legal basis for the processing of personal data using cookies for analytical purposes when a corresponding consent of the user is provided.
c) Purpose of the data processing
The following applications require cookies:
- Tracking cookies from Matomo
- Language cookie
The user data collected via technically necessary cookies are not used to create user profiles.
Analyses cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used allowing us to continuously optimise our offers.
These purposes are in our legitimate interests in the processing of data according to Section 6 Para. 1 lit.f GDPR.
d) Duration of storage, option to object and delete
V. Contact form and e-mail contact
1. Description and scope of the processing of data
A contact form is provided on our website which can be used for making electronic contact. If a user chooses this option, all data entered in the input mask will then be transmitted to us and saved. This involves the following data:
For the processing of the data, your consent is obtained and you will be referred to this privacy statement during the sending process.
Alternatively, you can contact us via the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail will be saved.
The data will then not be forwarded to third parties. The data are used exclusively for processing the conversation.
2. Legal basis for the data processing
Section 6 Para. 1 lit. a GDPR form the legal basis for the processing of the data provided that the user has given his consent.
Section 6 Abs. 1 lit. f GDPR forms the legal basis for processing the data that are transmitted via e-mail. If the e-mail contact aims to conclude a contract, the Section 6 Abs. 1 lit. b GDPR will form an additional legal basis for the processing.
8. Purpose of the data processing
The processing of the personal data from the input mask is used solely for processing the contact. In case of a contact via e-mail, this is also the required legitimate interest in the processing of the data.
The other personal data processed during the sending process are used to prevent an improper use of the contact form and to ensure the security of our IT systems.
3. Duration of the storage
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. This will apply to the personal data from the input mask of the contact form and those sent via e-mail when the corresponding conversation with the user has ended. The conversation has ended if the circumstances indicate that the issue has been conclusively clarified.
The personal data additionally collected during the sending will be deleted after a period of seven days at the latest.
4. Option to object and delete
The user has the option to withdraw his consent for the processing of the personal data at any time. If the user contacts us via e-mail, he can then object to the storage of his personal data at any time. The conversation can not be continued in such a case.
In this case, all personal data that have been saved in the course of the contact will be deleted.
VI. Web analysis with Matomo (formerly PIWIK)
1. Scope of the processing of personal data
We use on our website the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software uses a cookie on the computer of the users (for cookies, see above). The following data are saved if you visit individual pages of our website:
- Two bytes of the IP address of the retrieving system of the user
- The visited website
- The website from which the user arrives on the visited website (referrer)
- The subpages that are visited from the retrieving website
- The length of stay on the website
- How often the website is visited
The software runs exclusively on the servers of our website. This is the only place where the personal data of the user are saved. The data will not be disclosed to a third party.
The software is set so that the IP addresses are not completely saved; 2 bytes of the IP address will be masked (Example: 192.168.xxx.xxx). That way an assignment of the shortened IP address to the retrieving computer is no longer possible.
2. Legal basis for the processing of personal data
Section 6 Para. 1 lit. f GDPR forms the legal basis for the processing of the user’s personal data.
3. Purpose of the data processing
The processing of the users’ personal data allows us to analyse the surfing behaviour of our users. The evaluation of the collected data allows us to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are in our legitimate interests in the processing of the data according to Section 6 Para .1 lit.f GDPR. The anonymisation of the IP address will sufficiently address the user’s interest in the protection of his personal data.
3. Duration of the storage
The visitor log data will be deleted as soon as they are no longer required for our purposes.
In our case, this will apply after 180 days.
4. Option to object and delete
For more details on the privacy settings of the Matomo software, please click on the following link: https://matomo.org/docs/privacy/.
VII. Links to other providers
Our website contains – clearly visible – also links to websites of other companies.
If links to websites of other providers exist, we have no influence on their contents. We can therefore not be made liable for these contents. The corresponding provider or operator of the sites is always responsible for the contents of these sites. The linked sites were checked for any possible and identifiable legal violations at the time the link was established. Unlawful contents could not be identified at the time the link was established. However, a constant content check of the linked sites is not reasonable without any specific indications of a legal violation. Should legal violations become known, such links will be immediately removed.
VIII. Google Maps
Our website uses Google Maps API which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (»Google«) in order to visually display geographical information. By using this website you agree with the collection, processing as well as the use of the automatically collected data by Google, their representatives and third parties.
If you do not agree with this processing of your data, you will have the option to deactivate the service of “Google Maps” , thus preventing the transmission of data to Google. For this purpose, you must deactivate the Java script function in your browser. However, we would like to pint out that in this case you can not use “Google Maps” or only to a limited extent.
IX. Google Web Fonts
For a visually improved display of various information on our website, we use Google web fonts (http://www.google.com/webfonts/). When the page is visited, the web fonts will be transferred to the cache of the browser to allow for their use. In case the browser does not support the Google web fonts or prevents access, the text will be displayed in a standard font.
When the page is visited, no cookies will be saved. Data transmitted in connection with the page view will be send to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com They will not be associated with data that might be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
You can set your browser so that the fonts will not be loaded by the Google servers (for example by installing add-ons such as NoScript or Ghostery for Firefox.) In case your browser does not support the Google Fonts or if you prevent access to the Google servers, the text will be displayed in the standard font of the system.
For information regarding the privacy requirements of Google web fonts, go to: https://developers.google.com/fonts/faq#Privacy
X. SSL- or TLS-encryption
This site uses a SSL or TLS encryption for security reasons and for the protected transmission of confidential contents such as orders or requests that you send to us as the operator of the site. You can recognise an encrypted connection when the lock symbol appears in your browser line and when the address line of your browser switches from “http://” to “https://”.
Should the SSL or TLS encryption be activated, the data that you transmit to us can not be read by a third party
XI. Rights of the persons concerned
If your personal data are processed, you are a person concerned according to the GDPR and you have the following rights towards the responsible party:
1. Right to confirmation
If you have asserted towards the responsible party the right to the correct, delete or restrict the processing, the responsible party is obligated to inform all recipients to which your personal data have been disclosed about the correction or deletion of the data or the restriction of the processing unless it turns out to be impossible or requires unreasonable effort.
You have the right towards the responsible party to be informed about these recipients.
2. Right to information
You can ask the responsible party to confirm whether we will process personal data concerning you.
If there is such a processing, you can ask the responsible party to provide the following information:
(1) the purposes for which personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to which the personal data related to you have been disclosed or will still be disclosed;
(4) the planned duration of the storage of your personal data or, if specific information can not be provided on this, the criteria for determining the storage period;
(5) the existence of a right to correct or delete personal data related to you or to restrict the processing by the responsible party or of a right to object to this processing;
(6) the existence of a right to appeal at a supervisory authority;
(7) If the personal data are not collected from the person concerned, all available information about the origin of the data;
(8) the existence of an automated decision-making including profiling according to Sections 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the pursued effects that such a processing has on the affected person.
You have the right to request information whether the personal data affecting you are transmitted to a third country or an international organisation. In this context, you can request information about the suitable guarantees in accordance with Section 46 GDPR in connection with the transmission.
3. Right to correction
You have the right towards the responsible party to a correction and/or completion if the processed personal data concerning you are incorrect or incomplete. The responsible party has to carry out the correction immediately.
4. Right to a restricted processing
Under the following conditions, you can request the restricted processing of the personal data concerning you:
(1) if you dispute the correctness of the personal data affecting you for a period of time that will allow the responsible data to check the correctness of the personal data;
(2) if the processing is unlawful and you rejected to the deletion of the personal data and instead have requested to restrict the use of the personal data;
(3) if the responsible party no longer requires the personal data for processing but requires the data for the assertion, execution or defence of legal claims or
(4) If you have filed an objection against the processing according to Section 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons provided by the responsible party outweigh your reasons.
If the processing of the personal data concerning you has been restricted, these data – apart from their storage – may be processed only with your consent if you assert, exercise or defend legal claims or for the protection of the rights of another individual or legal body for reasons of an important public interest of the Union or a member state.
If the restriction of the processing is restricted according to the above mentioned conditions, you will be informed by the responsible party before the restriction is lifted.
6. Right to delete (“right to be forgotten”)
a) Obligation to delete
You have the right to ask the responsible party to immediately delete the personal data concerning you and the responsible party is obligated to immediately delete the personal data if the following reasons apply:
(1) The personal data concerning you are no longer necessary for the purposes for which they have been collected or processed in other ways.
(2) You rescind your agreement on which the processing according to Section 6 Para. 1 lit. a or Section 9 Para. 2 lit. a DSGVO is based and there is no other legal basis for the processing.
(3) You object against the processing according to Section 21 Para. 1 GDPR and there are no primary legitimate reasons for the processing or you appeal against the processing in accordance with Section 21 Para. 2 GDPR.
(4) The personal data concerning you were unlawfully processed.
(5) The deletion of the personal data concerning you is required in order to comply with a legal obligation according to EU law or the law of the member states that the responsible party subject to.
(6) The personal data concerning you were collected in regard to offered services of the information society according to Section 8 Para. 1 GDPR.
a) Information disclosed to third parties
If the responsible party has made public the personal data and we are obligated to delete them according to Section 12 Para. 1 GDPR, the responsible party will then take appropriate measures considering the available technology and the costs for the implementation, also of a technical kind, in order to inform the persons responsible for the data processing of your personal data that you have requested the deletion of all links to these personal data or copies or replications of these personal data.
The right to delete does not exist if the processing is required
(1) for exercising the right to freedom of expression and information;
(2) for complying with a legal obligation that requires the processing according to the law of the Union or the member states that the responsible party is subject to or for performing a task that is in the public interest or is done to exercise public authority that was assigned to the responsible party;
(3) for reasons of public interest in the area of public health according to Section 9 Para. 2 lit.h and i as well as Section 9 Para. 3 GDPR;
(4) for archiving purposes in the public interest, research or historical research purposes or for statistical purposes according to Section 89 Para. 1 GDPR, if the right named under section a) will likely make the realisation of the goals of this processing impossible or seriously affect them
(5) for asserting, exercising or defending legal claims.
17. Right to data portability
You have the right to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. You also have the right to transmit these data to another responsible person without any interference by the responsible party to which you have provided the personal data if
(1) the processing is based on consent according to Section 6 Para. 1 lit. a GDPR or Section 9 Para. 2 lit. a GDPR or a contract according to Section 6 Para. 1 lit. b GDPR and
(2) the processing is carried out using automated processes.
When exercising this right, you have also the right to effect that your personal data are transmitted directly from a responsible party to another responsible person if this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data that is required for performing a task in the public interest or is done to exercise public authority that was assigned to the responsible party.
18. Right to object
You have the right – for reasons arising from your special situation – to object to the processing of personal data affecting you based on Section 6 Para. 1 Letters e or f GDPR; this also applies to profiling based on these provisions.
The responsible party will no longer process the personal data unless it can prove compelling processing reasons worthy of protection, which outweigh your interests, rights and freedoms or the processing is used to assert, exercise or defend legal claims.
If the personal data is processed for direct advertising, you will have the right to object at any time against the processing of your personal data for the purpose of such advertisement; this also applies to the profiling if it is connected with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data concerning you will then no longer be processed for these purposes.
Irrespective of the Directive 2002/58/EC, you have in connection with the use of services of the information society the option to exercise your right to object using automated processes for which technical specifications are used.
19. Right to withdraw the declaration of consent under privacy law
You have the right to withdraw your declaration of consent under privacy law at any time. The withdrawal of consent does not affect the legality of the processing that took place until the withdrawal.
20. Automated decisions in individual cases including profiling
You have the right to be subjected to a decision based not exclusively on an automated processing – including profiling – which will have a legal effect against you or significantly affect you in a similar way. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the responsible party,
(2) is admissible based on legal provisions of the Union or its member states that the responsible party is subject to and if these legal provisions include reasonable measures to protect your rights and freedoms as well as your legitimate interests.
(3) is made with your express consent.
However, these decisions may not be based on special categories of personal data according to Section 9 Para. 1 GDPR unless Section 9 Para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In regard to the cases named in (1) and (3), the responsible party will take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his or her own position and to challenge the decision..
21. Right to appeal at a supervisory authority
Irrespective of another administrative or legal remedy, you have the right to appeal at a supervisory authority, especially in the member state of your residence, your place of employment or the location of the alleged violation if you believe that the processing of the personal data related to violates the GDPR.
The regulatory authorities to whom the appeal was submitted informs the complainant about the status and the results of the appeal including the possibility of a legal remedy according to Section 78 GDPR.