1. Data protection at a glance
General information
The following gives a simple overview of what happens to your personal data when you visit this website. Personal data refers to any information with which you could be personally identified. Detailed information on the subject of data protection can be found in the data protection notice.
Data collection on this website
Who is responsible for data collection on this website?
The data collected on this website is processed by the website operator. The website operator’s contact details can be found in the section of this data protection notice called “Notice concerning the person responsible for this website”.
How is your data collected?
Some data is collected when you make it available. For example, this might include data you enter on a contact form.
Other data is collected by our IT systems automatically – or after you give your consent – when you visit the website. This is primarily technical data such as the browser and operating system you are using or the exact time you accessed the page. This data is collected automatically as soon as you enter this website.
What is your data used for?
Some of the data is collected to ensure that the website functions correctly. Other data can be used to analyse how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information free of charge about your stored data, where it comes from, who receives it and for which purpose it was collected. You also have the right to request that this data be rectified or erased. After you have given your consent to have your data processed, you can revoke it for the future at any time. Under certain circumstances, you also have the right to demand that the processing of your personal data be limited. You also have the right to file a complaint with the relevant regulatory authorities.
If you have any further questions regarding data protection, you can contact us at any time.
2. Hosting
We host our website content with the following provider:
External hosting
This website is hosted externally. The personal data that is collected on this website is stored on the host’s servers. This includes above all IP addresses, contact requests, metadata, communication data, contractual data, contact data, names, website accesses and other data generated via a website.
External hosting is used for the purpose of fulfilling contractual obligations towards our potential and existing customers (Article 6(1) lit. b GDPR) and in the interests of making our website available in a safe, fast and efficient manner through a professional provider (Article 6(1) lit. f GDPR). Once consent has been obtained, data is processed exclusively on the basis of Article 6(1) lit. a GDPR and section 25(1) of the New German Telecommunications-Telemedia Data Protection Act (TTDSG), provided that the consent includes storing cookies or having access to information on the user’s terminal device (e.g. device fingerprinting) in accordance with TTDSG. The consent can be revoked at any time.
Our host will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.
We use the following host:
Regional Internet Service
Auf der Bullenkoppel 5
21493 Grabau, Germany
Order processing
We entered into an order processing agreement for the aforementioned service. This is an agreement required by data protection law which ensures that the service may only process the personal data of our website users in line with our instructions and in accordance with GDPR.
3. General notes and mandatory information
Data protection
The operator of this website takes the protection of your personal data very seriously. Your personal data will be treated as confidential and in accordance with the statutory data protection regulations and this data protection notice.
If you use this website, various pieces of personal data will be collected. Personal data refers to information with which you could be personally identified. This data protection notice explains which information is collected and what it is used for. It also explains how and for what purpose this happens.
Please note that transferring data online (e.g. in e-mail communication) can pose a security risk. Complete protection of data against access by third parties is not possible.
Notice concerning the person responsible for this website
The person responsible for processing data on this website is:
Saschko Frey
Arndtstr. 12
51645 Gummersbach
Germany
Phone:
Email:
The responsible party is the natural or legal person who, whether alone or jointly with others, decides on the purposes and means of processing personal data (names, e-mail addresses, etc.).
Storage duration
Insofar as no storage duration was specified in this data protection notice, we will store your personal data until it is no longer needed for the purpose in question. If you make a justified request to have your data deleted or revoke your consent to your data being processed, your data will be deleted unless we have other legally permitted reasons for storing your personal data (e.g. to comply with retention periods required under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
General information on the legal basis for data processing on this website
Provided that you have given your consent to having your personal data processed, we will process it based on Article 6(1) lit. a GDPR or based on Article 9(2) lit. a GDPR if special data categories are processed in accordance with Article 9(1) lit. a GDPR. If express consent is given for personal data to be transmitted to third countries, data processing will also take place in accordance with Article 49(1) lit. a GDPR. If you have given your consent for cookies or for information on your terminal device to be accessed (e.g. via device fingerprinting), data will also be processed based on section 25(1) TTDSG. The consent can be revoked at any time. If your data is required for fulfilling a contract or for carrying out pre-contractual measures, we will process it based on Article 6(1) lit. b GDPR. Furthermore, insofar as your data is required to fulfil a legal obligation, we will process it based on Article 6(1) lit. c GDPR. Data can also be processed based on our legitimate interest in accordance with Article 6(1) lit. f GDPR. Information on the relevant legal bases that apply in each individual case can be found in the following sections of this data protection notice.
Information on transmitting data to the USA and other third countries
Some of the tools we use are provided by companies based in the USA or other third countries without strong data protection laws. If these tools are active, your personal data can be transmitted to third countries and processed there. Please note that the level of data protection in these countries is not comparable with that of the EU. For example, US companies may be required to hand over personal data to security authorities without the individuals in question being able to take any legal action against this. Accordingly, it cannot be ruled out that US authorities (e.g. US intelligence) will – for surveillance purposes – process, evaluate and permanently store personal data of yours that is on US servers. We have no influence whatsoever on these processing activities.
Revoking your consent for processing your data
Many data processing operations are only possible with your express permission. After giving your consent, you can revoke it at any time. This revocation does not affect the legality of the data processing implemented up until the time of revocation.
Right of objection to data collection in specific cases and to direct advertising (Article 21 GDPR)
IF DATA IS PROCESSED BASED ON ARTICLE 6(1) LIT. E OR F OF THE GENERAL DATA PROTECTION REGULATION (GDPR), YOU HAVE – AT ANY TIME AND FOR REASONS PERTAINING TO YOUR SPECIFIC SITUATION – THE RIGHT TO LODGE AN OBJECTION TO YOUR PERSONAL DATA BEING PROCESSED; THIS ALSO APPLIES FOR A PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS FOR PROCESSING IN EACH CASE CAN BE FOUND IN THIS DATA PROTECTION NOTICE. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS THE PERSONAL DATA OF YOURS IN QUESTION UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THIS DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND LIBERTIES – OR IF THE PROCESSING OF THE DATA IS FOR THE PURPOSES OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSES OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SAID PERSONAL DATA BEING PROCESSED FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES FOR PROFILING INSOFAR AS THIS IS IN CONNECTION WITH DIRECT ADVERTISING. IF YOU LODGE AN OBJECTION, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF DIRECT ADVERTISING (OBJECTION IN ACCORDANCE WITH ARTICLE 21(2) GDPR).
Right to lodge a complaint with the relevant regulatory authorities
In the case of GDPR breaches, those affected have the right to lodge a complaint with a supervisory authority, particularly in the member state in which they are habitually resident, in which they work or in which the alleged breach occurred. The right to lodge a complaint exists irrespective of any other legal or administrative remedies.
Right to transferable data
You have the right to request that data that we have processed by automated means based on your consent or for the performance of a contract be made available to you or a specified third party in a standard, machine-readable format. Requests for the data to be transferred directly to another responsible party can only be fulfilled insofar as this is technically feasible.
Right to access information and to have data rectified or deleted
In accordance with statutory regulations, you have the right to request – at any time and free of charge – information about any personal data of yours that has been stored, about its origin, its recipients and the purpose of the data processing. If applicable, you have the right to have this data rectified or deleted. If you have any further questions regarding personal data, please feel free to contact us at any time.
Right to limit processing of data
You have the right to demand that the processing of your personal data be limited. You can contact us at any time to request this. You will have the right to limit processing in the following cases:
- If you dispute the correctness of the personal data that we have stored, we generally require time to check this. You have the right to demand that the processing of your personal data be limited for the duration of this checking period.
- If your personal data is being or has been processed unlawfully, you can demand that data processing be limited rather than deleted.
- However, in the event that we no longer need your personal data but that you still need it for the purposes of asserting, exercising or defending legal claims, you have the right to demand that the processing of your personal data be limited rather than deleted.
- If you have lodged an objection in accordance with Article 21(1) GDPR, it is necessary for your interests and our interests to be weighed up against one another. Until such time as it has been established whose interests are to take priority, you have the right to demand that the processing of your personal data be limited.
If you have limited the processing of your personal data, this data – apart from its actual storage – may only be processed with your consent, or for the purposes of asserting, exercising or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest in the European Union or one of its member states.
SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transfer of confidential content, such as orders or requests that you send to us in our capacity as website operators. You can recognise encrypted connections from the “https://” in the browser address field (instead of the usual “http://”) and from the lock symbol in your browser line.
When SSL/TLS encryption is activated, data that you send to us cannot be read by third parties.
4. Data collection on this website
Server log files
The website provider automatically collects and stores information in “server log files” that your browser automatically transmits to the website operator. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
This data will not be combined with other data sources.
The legal basis for collecting said data is Article 6(1) lit. f GDPR. The website operator has a justified interest in optimising this website and keeping it free of technical problems – it is necessary to record server log files for this purpose.
Enquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we will save and process your enquiry, including all related personal data (name, nature of enquiry), for the purposes of dealing with it. We will not share this information without your consent.
The legal basis for processing said data is Article 6(1) lit. b GDPR, insofar as your enquiry is in connection with fulfilling a contract or is necessary for carrying out pre-contractual measures. In all remaining cases, the processing of data is based on our legitimate interest in processing enquiries effectively (Article 6(1) lit. f GDPR) or on your consent (Article 6(1) lit. a GDPR), insofar as this has been obtained; the consent can be revoked at any time.
We will retain the data that you sent us in your enquiry until such time as you request that we delete it, you revoke your consent to said data being stored or the purpose for storing the data is no longer valid (e.g. if your enquiry has been dealt with in full). This will not affect mandatory statutory provisions, particularly in the case of retention periods stipulated by law.
5. Plugins and tools
Vimeo
This website uses plugins from video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages containing a Vimeo video, a connection will be established to the Vimeo servers. This communicates to the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This is also the case even if you have not logged into Vimeo or have no account there. The information collected by Vimeo will be sent to the Vimeo server in the USA.
When you are logged into your Vimeo account, you enable Vimeo to link your browsing behaviour directly with your personal profile. You can avoid this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognise website visitors.
We use Vimeo to maximise the visual appeal of our website. This constitutes a legitimate interest within the meaning of Article 6(1) lit. f GDPR. Once consent has been obtained, data is processed exclusively on the basis of Article 6(1) lit. a GDPR and section 25(1) of the New German Telecommunications-Telemedia Data Protection Act (TTDSG), provided that the consent includes storing cookies or having access to information on the user’s terminal device (e.g. device fingerprinting) in accordance with TTDSG. The consent can be revoked at any time.
Transmission of data to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. You can find details here: https://vimeo.com/privacy.
Further information on how user data is dealt with can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Translation of German source from: eRecht24.