Websites, features and content, as well as external online presence, e.g. My Social Media Profile (collectively referred to as the "Online Offering").
With regard to the terminology used, e.g. "Processing" or "Responsible" I refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR
72172 Sulz on the Neckar
Types of processed data:
- Inventory data (e.g., names, addresses).
- contact information (e.g., e-mail, phone numbers).
- content data (e.g., text input, photographs, videos).
- usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (hereinafter we refer to the affected persons as "users").
Purpose of processing
- Provision of the online offer, its functions and contents.
- Answering contact requests and communicating with users.
- Safety measures.
- Reach Measurement / Marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject");
a natural person is considered to be identifiable, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier
(e.g., cookie) or to one or more particular features that express the physical, physiological, genetic, mental, economic, cultural or social identity thereof
natural person are.
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data.
The term goes far and includes virtually every handling of data.
"Pseudonymisation" means the processing of personal data in such a way that the personal data is no longer associated with a specific data subject without the need for additional information
provided that such additional information is kept separate and subject to technical and organizational measures to ensure that personal data are not
assigned to an identified or identifiable natural person.
"Profiling" means any kind of automated processing of personal data that consists in using that personal information to identify certain personal aspects that relate to a natural person
to assess, in particular, aspects relating to job performance, economic situation, health, personal preferences, interests,
To analyze or predict the reliability, behavior, whereabouts, or location of this natural person.
"Responsible" means the natural or legal person, authority, institution or other body, alone or in concert with others, about the purposes and means of processing personal data
"Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Relevant legal bases
In accordance with Art. 13 DSGVO, I inform you of the legal basis of my data processing.
The legal basis for obtaining consent is Article 6 (1) lit. a. and DSGVO, the legal basis for the processing of my services and the performance of contractual measures, as well as
Answering requests is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfill my legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing
To safeguard my legitimate interests, Art. 6 para. 1 lit. f DSGVO.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
In accordance with Art. 32 GDPR, I shall take into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the different ones
Likelihood and severity of the risk to the rights and freedoms of natural persons; appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.
In particular, the measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input,
Passing on, ensuring availability and separation.
Furthermore, I have set up procedures that ensure the perception of data subject rights, the deletion of data and the reaction to the threat to data.
Furthermore, I consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection through technology design and
through privacy-friendly default settings (Art. 25 DSGVO).
Collaboration with processors and third parties
If, in the course of my processing, I disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant them access to the data,
this is only on the basis of a legal permission (for example, if a transmission of the data to third parties, as to payment service providers, in accordance with Article 6 paragraph 1 letter b DSGVO required to fulfill
the contract), you consented have a legal obligation to do so, or based on our legitimate interests (such as the use of agents, web hosts, etc.).
If I entrust third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If I process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure,
or transmission of data to third parties, this only occurs if it is to fulfill my (pre) contractual obligations, based on your consent, due to a legal obligation or on
Basis of our legitimate interests happens.
Subject to legal or contractual permissions, I process or let the data in a third country only in the presence of the special conditions of Art. 44 et seq. DSGVO.
That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the USA through the Privacy Shield) or compliance
officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with
Art. 15 GDPR.
You have accordingly. Art. 16 DSGVO the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to restrict the processing of the data
You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.
You have gem. Art. 77 DSGVO the right to file a complaint with the competent supervisory authority.
You have the right to grant consent in accordance with. Art. 7 para. 3 DSGVO with effect for the future.
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time.
The objection may in particular be made against processing for direct marketing purposes.
Cookies and right to object in direct mail
"Cookies" are small files that are stored on users' computers.
Different information can be stored within the cookies.
A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser.
In such a cookie, e.g. the contents of a shopping cart in an online shop or a login status are saved.
The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed.
Thus, e.g. the login status will be saved if users visit it after several days.
Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes.
A "third-party cookie" refers to cookies that are offered by providers other than the person responsible for providing the online offer (otherwise, if only the cookie is used, this is referred to as "cookies")
If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings.
Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general contradiction to the use of the cookies used for the purpose of online marketing can in many of the services, especially in the case of tracking, on the US side
http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.
Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser.
Please note that not all features of this online offer may be used.
Deletion of data
The data processed by me will be deleted or restricted in accordance with Art. 17 and 18 GDPR.
contrary to statutory storage requirements.
Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. That The data is blocked and not processed for other purposes.
This applies, for example for data that must be kept for commercial or tax reasons.
According to legal regulations in Germany, the storage takes place especially for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting
documents, Handelsbooks, for taxation of relevant documents, etc.) and 6 years in accordance with § 257 Abs. 1 Nr. 2 and 3, Abs. 4 HGB (commercial letters).
According to legal regulations in Austria, the storage takes place in particular for 7 years in accordance with § 132 para. 1 BAO (accounting documents, receipts / invoices, accounts, receipts, business papers,
statement of income and Expenditure, etc.), for 22 years in connection with real estate and for 10 years in the case of documents relating to electronically provided services, telecommunications, broadcasting and
television services Non-contractors in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
When contacting me (for example, by contact form, e-mail, telephone or via social media) the information provided by the user for processing the contact request and its processing acc. Art. 6 para. 1 lit. b)
User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request organization.
I delete the requests, if they are no longer required.
I check the requirement every two years;
Furthermore, the legal archiving obligations apply.
Hosting and e-mailing
The hosting services I use are for the purpose of providing the following services:
Infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services that I use to operate this
Use online offer.
I or my hosting provider processes stock data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer
based on my legitimate interests in an efficient and secure provision of this online offer acc. Art. 6 para. 1 lit. f DSGVO i.V.m. Art. 28 DSGVO (conclusion of contract processing contract).
Collection of access data and log files
I, or my hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data about every access to the server on which this service is located
(so-called server log files).
The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the operating system of the user,
Referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted.
Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
On the basis of my legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) of the DSGVO), I use Google Analytics
Web analytics service of Google LLC ("Google").
The information generated by the cookie about the use of the online offer by the users are usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?
Google will use this information on my behalf to evaluate the use of my online offer by users to compile reports on the activities within this online offering and
to provide me with other services related to the use of this online offer and internet usage.
In this case, pseudonymous usage profiles of the users can be created from the processed data.
I only use Google Analytics with activated IP anonymization.
This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the user's browser will not be merged with other data provided by Google.
Users can prevent the storage of cookies by setting their browser software accordingly;
Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of such data by Google by:
Download and install the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(https://policies.google.com/technologies/ads) and in Google Ads Ads Settings (https://adssettings.google.com/authenticated).
The personal data of users will be deleted or anonymized after 14 months.
Google Universal Analytics
I use Google Analytics in the design as "Universal Analytics".
"Universal Analytics" means a process of Google Analytics, in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user with information from the
Use of various devices is created (so-called "cross-device tracking").
Online presence in social media
I maintain online presence within social networks and platforms in order to communicate with the customers, prospects and users active there and to inform them about my services there.
When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
Write online presences or send me messages.
Integration of services and contents of third parties
Within my online offer I rely on my legitimate interests (ie interest in the analysis, optimization and economic operation of my online offer within the meaning of Art. 6 para. 1 lit.
DSGVO) third-party content or service offerings in order to provide their content and services, e.g. Include videos or fonts (collectively referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address.
The IP address is therefore required for the presentation of this content.
I strive to use only those content whose respective providers use the IP address only to deliver the content.
Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes.
The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on the users' device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, and
Further information on the use of my online offer included, as well as be associated with such information from other sources.
I embed the videos on the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
I embed the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
I associate the function for detecting bots, e.g. when entering into online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
I include maps of the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The processed data may include, in particular, users' IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices)
The data can be processed in the USA.
I enclose the maps of the service "OpenStreetMap" (https://www.openstreetmap.de), which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL)
To the best of my knowledge, OpenStreetMap uses users' data solely for the purpose of displaying map features and caching the selected settings.
This data may include, but is not limited to, users' IP addresses and location data, but they are not collected without their consent (usually as part of their mobile device settings).
Typekit fonts from Adobe
On the basis of my legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit.
DSGVO) external type kit fonts from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland.
Adobe is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant
Use of Facebook social plugins
On the basis of my legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) of the DSGVO), I use social plugins ("plugins") of the
social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook").
The plugins may be interactive elements or content (e.g., videos, graphics, or text), and may be recognized by one of the Facebook logos (white "f" on a blue tile, "like," "like," or
a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin".
The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?
When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers.
The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer.
In the process, user profiles can be created from the processed data.
Therefore, I have no influence on the amount of data that Facebook collects with the help of this plugin and inform the users accordingly to my knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer.
If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account.
If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there.
If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address.
According to Facebook, only an anonymous IP address is stored in Germany.
Purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the rights and options to protect the privacy of users
If a user is a Facebook member and does not want Facebook to collect data about him through this online offering and associate it with his member data stored on Facebook, he must first use it
log out of my online offer on Facebook and delete its cookies.
Other settings and inconsistencies regarding the use of data for promotional purposes are possible within the Facebook profile settings:
https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices/ or the EU-Site http://www.youronlinechoices.com/.
The settings are platform independent, i. they are adopted for all devices, such as desktop computers or mobile devices.
Within my online offering may be features and content of the Instagram service offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
For this, e.g. Content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to my posts.
If the users are members of the platform Instagram, Instagram can call the o.g. Assign contents and functions to the profiles of the users there.
Within my online offering, features and content of the Pinterest service offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, may be incorporated.
For this, e.g. Content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to my posts.
If the users are members of the platform Pinterest, Pinterest can call the o.g. Assign contents and functions to the profiles of the users there.