This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content connected to it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Types of data processed:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of the processing
- Provision of the online offer, its functions and contents.
- Responding to contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
“pseudonymisation” means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal basis
In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
We take appropriate technical and organisational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.
In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.
Right of revocation
You have the right to revoke any consent you have given in accordance with Art. 7 (3) DSGVO with effect for the future.
Right of objection
You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Cookies and right to object in the case of direct advertising
Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, storage is in particular for 7 years pursuant to § 132 para. 1 BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real property and for 10 years for records in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is claimed.
In addition, we process
- Contract data (e.g., subject matter of the contract, term, category of customer).
- Payment data (e.g., bank details, payment history)
of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Participation in affiliate partner programmes
Within our online offer, we use industry-standard tracking measures on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer) pursuant to Art. 6 Para. 1 lit. f DSGVO, insofar as these are necessary for the operation of the affiliate system. In the following, we explain the technical background to users.
The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if, for example, links or services of third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and subsequently take advantage of the offers.
In summary, it is necessary for our online offer that we can track whether users who are interested in affiliate links and/or the offers available on our website subsequently take up the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values, which may be part of the link or otherwise set, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as e.g. advertising material ID, partner ID and categorisations.
The online identifiers of the users used by us are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They only help us to determine whether the same user who clicked on an affiliate link or became interested in an offer via our online offer has taken advantage of the offer, i.e. e.g. concluded a contract with the provider. However, the online ID is personal to the extent that the partner company and also we have the online ID together with other user data. Only in this way can the partner company inform us whether the user has taken up the offer and we can pay out the bonus, for example.
Amazon affiliate programme
We are participants in the Amazon Partner Programme on the basis of our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO), we are participants in the Amazon EU affiliate programme, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de (so-called affiliate system). I.e. as an Amazon partner we earn from qualified purchases.
You can find more information about Amazon’s use of data and ways to object in the company’s data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates.
AWIN Partner Programme
Further information on the use of data by Awin and the possibility to object can be found in the company’s data protection declaration: https://www.awin.com/de/rechtliches.
Digistore24 affiliate programme
For further information on the use of data by Digistore24 and the possibility to object, please refer to the company’s data protection declaration: https://www.digistore24.com/page/privacyl.
Firstlead GmbH / ADCELL Partner Programme
Further partner programmes / advertising customers
Other affiliate programmes and advertisers are used, but they do not set cookies here on the website and no IP transmission to these providers takes place. Clicking on affiliate links/advertising links will take you to the respective providers and there the terms and conditions and data processing guidelines of the respective providers apply.
Comments and contributions
When users leave comments or other contributions, their IP addresses may be stored for 7 days on the basis of our legitimate interests as defined in Art. 6 (1) lit. f. DSGVO are stored for 7 days. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, to process the information provided by users for the purpose of spam detection.
The data provided in the context of comments and contributions will be permanently stored by us until the user objects.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) DSGVO. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the course of registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our services and us.
Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.
Registration data: To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.
The newsletter is sent and its success measured on the basis of the recipients’ consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 Para. 1 lt. f. DSGVO in conjunction with § 7 Para. 2 No. 3 UWG. DSGVO in conjunction with. § 7 para. 3 UWG.
The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as the expectations of the users and furthermore allows us to prove consent.
Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletter – dispatch service provider
The newsletter is sent using the dispatch service provider Klick Tipp Limited, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom. You can view the data protection provisions of the dispatch service provider here: https://www.klick-tipp.com/datenschutzerkl%C3%A4rung. The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO and an order processing agreement pursuant to Art. 28 Para. 3 Sentence 1 DSGVO.
The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Newsletter – performance measurement
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened, or if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected.
This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Unfortunately, a separate revocation of the performance measurement is not possible, in which case the entire newsletter subscription must be cancelled.
Hosting and e-mail dispatch
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract). Art. 28 DSGVO (conclusion of order processing contract).
Collection of access data and log files
We, or our hosting provider, collect data on every access to our website on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO, we or our hosting provider collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Matomo (formerly: PIWIK)
We use Matomo (formerly: “PIWIK”) on our website. This is an open source software that allows us to analyse the use of our website. Your IP address, the website(s) you visit on our website, the website from which you linked to our website (referrer URL), the time you spend on our website and the frequency with which you visit one of our websites are processed.
To collect this data, Matomo stores a cookie on your end device via your internet browser. This cookie is valid for one week.
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis and optimisation of our website.
However, we use Matomo with the anonymisation function “Automatically Anonymize Visitor IPs”. This anonymisation function shortens your IP address by two bytes so that it is impossible to assign it to you or to the internet connection you are using.
If you do not agree to this processing, you have the option of preventing the storage of the cookie by means of a setting in your Internet browser. You can find more information on this above under “Cookies”.
VG Wort / Scalable central measurement procedure
Cookies and reports on access figures
We use “session cookies” from VG Wort, Munich, to measure access to texts in order to record the probability of copying. Session cookies are small units of information that a provider stores in the RAM of the visitor’s computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. Session cookies cannot store any other data. These measurements are carried out by Kantar Deutschland GmbH according to the Scalable Central Measurement Method (SZM). They help to determine the copy probability of individual texts for the remuneration of legal claims of authors and publishers. We do not collect personal data via cookies.
It is also possible to use our services without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.
Data protection declaration
The terms used below include those from Article 4 of the General Data Protection Regulation (DSGVO).
Name and address of the person responsible
The responsible party within the meaning of the General Data Protection Regulation (DSGVO) and other national data protection laws of the member states as well as other data protection regulations is the manufacturer of this plugin stated in the imprint.
General information on data processing
Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional plugin. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in cases where obtaining consent in advance is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract.
Data transmission on the Internet to our server is carried out via HTTPS and TLS protocol in an encrypted manner. An unencrypted transmission is not possible on the part of our server. The data is encrypted by our plugin or your web browser, then transmitted and finally decrypted by our server.
Provision of the plugin
Description and scope of data processing
The plugin does not send any data to the manufacturer without the consent of the user. Data that may be sent to the manufacturer is listed below. The plugin does not create or collect usage data.
Check function for counters
Description and scope of data processing
You have the option of having us check the counters embedded by the plugin on your website. This is done via the “Check” link, which can be found in several places in the plugin. If you click on this check link, the following data will be sent to our server:
by your access with a web browser:
Information about the type of web browser and the version used,
the user’s operating system,
the user’s IP address,
the date and time of access,
the website from which the user’s system accessed our server,
data contained in the verification link:
the public counter,
the link to the website (WordPress post/page) where the counter should be located.
The data sent to by your access with a web browser is only stored in the log files of our system if an error occurs during the corresponding page call. This does not affect the IP address of the user or other data that enables the data to be assigned to a user.
The data contained in the check link is used by our server to test whether the public counter is located on the web page (WordPress post/page) contained in the check link.
We temporarily store the user’s IP address solely for the purpose of determining how often the user uses the check function within a time interval.
This data is not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f or a DSGVO.
Purpose of data processing
The temporary storage of the IP address by the server is necessary to enable the delivery of the accessed website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The temporary storage of the data in the check link is necessary in order to carry out the check.
We temporarily store the user’s IP address exclusively to protect our check function from misuse (excessive use).
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the check function for counters, this is the case when the respective session has ended. No permanent storage takes place.
We store the user’s IP address for a maximum of one day to protect our system.
Possibility of objection and removal
The storage of data in log files in the event of an error is absolutely necessary for the operation of the check function for counters. Consequently, there is no possibility of objection on the part of the user.
The storage of the user’s IP address is absolutely necessary for the protection of our system. Consequently, there is no possibility for the user to object.
The user can activate the use of the check function for counters via a checkbox in the “Data protection” area/menu in order to be able to use it, or deactivate it in order to object to its use. By default, this check box is disabled.
Rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
Right of access
You may request confirmation from the controller as to whether personal data relating to you is being processed by us. If there is such processing, you may request information from the controller about the following:
The purposes for which the personal data are processed,
the categories of personal data which are processed,
the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed,
the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period,
the existence of a right to rectify or erase the personal data concerning you, a right to restrict processing by the controller or a right to object to such processing,
the existence of a right of appeal to a supervisory authority,
any available information on the origin of the data if the personal data is not collected from the data subject,
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the data controller, insofar as the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.
Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data,
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data,
the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defence of legal claims, or
if you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.
If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
Where the restriction of processing has been restricted in accordance with the above conditions, you shall be informed by the controller before the restriction is lifted.
Right to erasure
Obligation to erase:
You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed,
you withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO and there is no other legal basis for the processing,
you object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO,
the personal data concerning you have been processed unlawfully,
the erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject,
the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
Information to third parties:
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.
The right to erasure does not exist insofar as the processing is necessary:
for the exercise of the right to freedom of expression and information,
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO,
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
for the assertion, exercise or defence of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or performance of a contract between you and the controller,
is permitted under Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
is done with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the aforementioned cases, the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Integration of third-party services and content
Within our online offer, we use content or service providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO). DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
Use of Facebook social plugins
We use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. DSGVO) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer by the latter. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his or her IP address. According to Facebook, only an anonymised IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://de-de.facebook.com/ads/settings or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Shariff sharing functions
We use the privacy-safe “Shariff” buttons. “Shariff” was developed to enable more privacy on the net and to replace the usual “share” buttons of social networks. In this case, it is not the user’s browser but the server on which this online offer is located that establishes a connection with the server of the respective social media platforms and queries, for example, the number of likes, etc. The user remains anonymous. The user remains anonymous. More information on the Shariff project can be found at the developers of the magazine c’t: www.ct.de.
For a modern design and display of the content offered on different end devices and to increase the loading speed of our websites, we use the BootstrapCDN (Content Delivery Network) by MaxCDN, a brand of NetDNA (NetDNA, LLC; 3575 Cahuenga Boulevard West, Suite 330, Los Angeles, CA 91604, United States) to deliver libraries (collections of technical instructions) to your browser. Unless your browser has already cached a copy of BootstrapCDN by visiting other websites or is downloading the file for some other reason, your IP address is transmitted to the provider NetDNA during the connection to the BootstrapCDN server.
Further information on data protection at NetDNA, LLC. (MaxCDN) can be found at: https://www.maxcdn.com/legal/#pp.