Thank you for visiting our website. As a service provider, the security of your personal data is particularly important to us. We would therefore like to inform you in detail about the use of your personal data when you visit our website.
Definition of terms
This Data Privacy Statement is based on the terms used by the European legislative and regulatory authorities when adopting the General Data Protection Regulation (GDPR). Our Data Privacy Statement is intended to be easy to read and understand, both for the public and for our customers and business partners. We would like to begin by explaining the terms used so as to guarantee that we have achieved our intention.
Some of the terms used in this Data Privacy Statement are defined below:
– Personal data: Personal data are pieces of information relating to an identified or identifiable natural person (referred to below as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, or to an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
– Data subject: A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for their processing.
– Processing: Processing is the term used to denote any operation or series of operations which is performed in connection with personal data, with or without the aid of automated procedures, such as collection, recording, organisation, filing, storage, adaptation, modification, readout, retrieval, usage, disclosure by transmission, dissemination or other form of provision, alignment or connection, restriction, erasure or destruction.
– Restriction of processing: Restriction of processing is a procedure in connection with stored personal data with the aim of limiting their processing in the future.
– Profiling: Profiling is any form of automated processing of personal data which involves the use of these personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects pertaining to the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of this person.
– Controller: The controller or the party responsible for the processing is the natural or legal person, public authority, agency or other body who or which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
– Processor: The processor is a natural or legal person, public authority, agency or other body who or which processes personal data on behalf of the controller.
– Recipient: The recipient is a natural or legal person, public authority, agency or another body to whom or to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
– Third party: A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who or which, under the direct authority of the controller or processor, are authorised to process personal data.
– Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of wishes by which the data subject signifies agreement to the processing of his or her personal data by a statement or by clear affirmative action.
Collection of data
Every time a data subject or an automated system accesses our website, the website collects a series of general data and information. These general data and information are stored in the server log files. The following information may be collected:
– the browser types and versions used,
– the operating system used by the system accessing the site,
– the website from which a system gains access to our website (so-called referrer),
– the subpages which are visited on our website through the system gaining access,
– the date and time of the website visit,
– an Internet protocol address (IP address),
– the Internet service provider of the system gaining access
– other similar data and information used for security purposes in the event of attacks on our information technology systems.
Instances of access via FTP are logged with anonymous user names and IP addresses and stored for 60 days.
When using these general data and information, we do not determine the identity of the data subject. This information is required for the following purposes:
– to deliver our website content correctly,
– to optimise our website content and the advertising for, the website
– to ensure the permanent operability of our information technology systems and our website technology
– to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.
These data and information are collected anonymously and are therefore evaluated by us statistically on the one hand and also with the aim of increasing data protection and data security in our company with the ultimate aim of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all the personal data provided by a data subject.
SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as the content of purchase orders or inquiries which you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser toolbar.
If SSL or TLS encryption is activated, the data which you send to us cannot be read by third parties during their transmission.
You can contact us by post, telephone, fax or email.
If you contact us by post, for example, we can most notably process your address data (e.g. surname, forename, street, town, postcode), date and time of receipt, and the data contained in your correspondence. Depending on which data you provide, we will contact you by telephone, fax or email and, where applicable, call you back or write to you.
If you contact us by telephone, we will most notably process your telephone number and, where applicable and requested in the course of the conversation, your name, email address, the time of the call and details of your inquiry.
If you contact us by fax, we will most notably process the fax number or the sender identification as well as the data contained in the fax.
Due to statutory regulations, our website contains information which enables rapid electronic contact with our company and direct communication with us, also including a general address for electronic mail (email address).
If you contact us by email, we will most notably process your email address, the time of the email and the data contained in the message (and in any attachments, where applicable).
The above data will be processed for the purpose of responding to the inquiry and in order to be able to contact the sender.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. It is our legitimate interest to be able to offer you the opportunity to contact us at any time and to be able to respond to your inquiries.
Information on the use of email
There can be security issues when communicating through unencrypted emails. For example, emails may be intercepted on their way to the employees of our company and viewed by experienced Internet users. If we receive an email from you, we will assume that we are entitled to reply by email. If this is not the case, you are required to refer explicitly to another form of communication. Please also let us know beforehand if you would like email communications to be protected by PGP encryption.
Log files of emails sent over our mail servers are deleted after eight weeks. The relatively long period of storage is necessary to analyse faults with dispatch or receipt processes, to ensure that the mail services are working properly, and to combat junk mail.
The logs listing emails dispatched via Sendmail/PHP are anonymised after one day and are kept for seven days.
Legal or contractual regulations on the provision of personal data
The provision of personal data is prescribed by law in some cases (e.g. tax regulations) but may also be required as a result of contractual arrangements (e.g. information on the contractual partner). It is necessary for the purposes of concluding contracts and fulfilling contracts for you to provide us with personal data which must subsequently be processed by us. Otherwise it will not be possible to enter into a contract with us because communications cannot be exchanged for the relevant purposes.
Your personal data will be processed solely for the purpose of fulfilling the contract under Art. 6 (1) b) GDPR. The purpose which we pursue in our data processing is to guarantee smooth contact processes with the customer. The processing of data pursuant to Art. 6 (1) f) GDPR is also necessary to safeguard our legitimate interests or those of a third party. These apply in connection with the processing of your order and final invoicing.
Data categories and data sources: We process the following categories of data: master data, communication data, contract data, accounting data, accounts receivable data, asset data. These data will be sent to us only by you.
Recipient: We will only process your data to the extent required in any given order and, where
necessary, send them to the following categories of recipients to whom the personal data will be disclosed insofar as is necessary for the assertion of our claim: public authorities, third-party debtors, authorised legal representatives (of opposing parties, third-party debtors, other third parties), lawyers, assignees, employers, insurance companies and, where applicable, other third parties (e.g. tax accountants, revenue authorities, etc.).
If you do not want cookies to be stored on your terminal device for reach measurement, you can opt out of the use of these files here:
– Network Advertising Initiative cookie deactivation page:
Commonly used browsers offer the option of disabling cookies. Note: there is no guarantee that you will be able to access all the functions of this website without restrictions if you enter the settings required in this case.
The purpose of this processing is to make our website user-friendly for you and to provide you with the opportunity to save your settings.
The legal basis for the processing is Art. 6 (1) f) GDPR. We have a legitimate interest in presenting you with a website which stores your personal settings and makes it easier for you to visit our website.
Use of Google services
We use various services provided by Google Inc. on our website (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
More detailed information on the specific individual Google services which we use on this website is included below.
Use of Google Maps
This website uses Google Maps for site layout plans. The Google Maps service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google may collect and process information (including personal data) due to the incorporation of Google services. It cannot be ruled out that Google may also transfer the information to a server in a third country.
As stated in the Privacy Shield certification held by Google (available at https://www.privacyshield.gov/list under the search term “Google”), Google has signed up to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework in respect of the collection, use and storage of personal data from the EU Member States and Switzerland
respectively. Google, including Google LLC and its wholly owned subsidiaries in the USA, has been certified as compliant with the Privacy Shield Principles. Further information can be found at https://www.google.de/policies/privacy/frameworks/.
We have no control over which data Google actually collects and processes. Google does state, however, that various pieces of information (including personal data) can be processed as a general principle, such as the following:
– log data (especially IP address)
– location-related information
– unique application numbers
– cookies and similar technologies
If you have logged into your Google Account, Google may add the processed information to your account and treat it as personal data, depending on your account settings, cf. https://www.google.de/policies/privacy/partners.
Google covers various issues in its statement, including the following:
“We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.” (https://www.google.com/intl/en/policies/privacy/index.html)
You can prevent this information from being added directly to your account by logging out of your Google Account or by entering the appropriate settings in your Google Account.
You can find information about Google’s privacy settings at https://privacy.google.com/take-control.html.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. The option of evaluating the success of individual services enables us to react to the market in various ways, such as targeting our offers at potential users in the best possible way. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.
Use of Google Web Fonts
We use external fonts on our website (so-called Google Fonts). Google Fonts is a service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The web fonts are integrated through an interface (“API”) to the Google services. Google may collect and process information (including personal data) about you in certain circumstances due to the integration of the web fonts. It cannot be ruled out that Google may also transfer the information to a server in a third country.
Please see the preceding section of this privacy statement for information about the Privacy Shield certification currently held by Google and other relevant data relating to the processing of data by Google in connection with the use of Google services.
We ourselves do not collect any data in connection with the provision of Google Fonts.
Our aim in incorporating Google Fonts is to be able to display consistent fonts on your device.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. Our necessary legitimate interest in this case lies in the great benefit offered by a uniform display of the fonts. The option of a uniform display allows us to spend less time and money on design than we would if we had to react to font standards of different operating systems or browsers with graphically customised web pages. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.
There is a TLS-encrypted contact form on our website (cf. SSL and TLS encryption above) which you can use as a means of electronic contact.
If you use this form to contact us, we will process the data entered in the input fields.
In this case the following data entries are mandatory:
– forename and surname;
– email address;
– telephone number (not mandatory);
– message sent (not mandatory).
Mandatory and voluntary information will be treated equally by us. The mandatory information is necessary in order to be able to contact you and to process your inquiry.
The following data are also saved when the form is sent:
– your IP address
– date and time of sending.
The personal data entered in the mandatory fields and the information provided on a voluntary basis are processed in order to respond to the contact request and in order to be able to contact you for the purpose of dealing with your inquiry.
The legal basis for the processing of the personal data provided by you during the contact procedure is Art. 6 (1) b) GDPR.
The other personal data processed during the sending procedure (IP address, date and time of sending) serve to prevent misuse of our contact form.
The legal basis for this is our legitimate interest pursuant to Art. 6 (1) f) GDPR. We have a legitimate interest in being able to prevent or prove misuse of our contact form.
The data will be erased as soon as they are no longer required for the purpose for which they were collected.
The recipient of the data is our server host who works on our instructions under a commissioned data processing agreement.
Embedded videos and images from external websites
Some of our pages contain embedded content from YouTube or external websites. If you merely
access a page on our website with embedded videos or images from such external sources, no personal data will be transmitted, with the exception of the IP address. In the case of YouTube, the IP address will be transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) and, in the case of Instagram, to Instagram Inc., 181 South Park Street, Suite 2, San Francisco, CA 94107, USA (“Instagram”).
Announcement of changes
Amendments to laws or changes in our internal processes may necessitate changes to this Data Privacy Statement.
In the event of any such change, we will notify you at least six weeks before it becomes effective. As a general rule, you have the right to revoke any consent already granted.
Please note (if you do not exercise your right of revocation) that the current version of the Data Privacy Statement at any given time is the valid one.
Revision/erasure of your personal data
You have the option of checking, changing or erasing the personal data provided to us at any time by sending us an email to the email address email@example.com. You also have the right to revoke, at any time, any consent already granted with effect for the future. The stored personal data will be erased if you revoke your consent to their storage.
The controller responsible for data processing will process and store the personal data of the data subject only for the time necessary to achieve the purpose for which the data are stored, or to the extent dictated by the European legislative and regulatory authorities or by another legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or if a storage period prescribed by the European legislative and regulatory authorities or by another legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
For the creation and evaluation of online surveys we apply „SurveyMonkey“ (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland). Participiation in such surveys always is optional.
At clicking on the link to the survey, the IP address of the user will be recorded. Furthermore, we request to provide us voluntarily with your name and surname as well as your e-mail address in order to clarify possible queries. The results are used within the company for analysis and as a basis for improving our range of services. In individual cases, we reserve the right to pass on the data collected from the customer to third parties. The legal basis for the processing of personal data described here is pursuant to Art. 6 (1) f) GDPR. Our justified interest, which is necessary for this, lies in the great benefit of being able to react purposefully to market behaviour and to place our offers in the best possible way for interested users.
SurveyMonkey will use this information on our behalf to create reports that enable us to analyze the satisfaction of our customers. In addition, SurveyMonkey may optimize its own services through the use of the online survey by respondents and create data trends. We collect cookies, usage data, device and browser data, log data and, where applicable, data about third-party integrations. Pseudonymous user profiles can be created from the processed data. In addition, the respondent’s contact information may be used to clarify a concern if the respondent has contacted SurveyMonkey.
SurveyMonkey is certified under the Privacy Shield Agreement, thereby providing a guarantee of compliance with European data protection legislation: https://www.privacyshield.gov/participantid=a2zt0000000Gn7zAAC&status=Active.
When you have participated in our survey you always can get in contact with us under above mentioned email address and request for erasure of your personal data provided in the survey.
Rights of data subjects
You have the following rights in principle:
– right of access (Art. 15 GDPR)
– right to rectification (Art. 16 GDPR)
– right to object (Art. 21 GDPR)
– right to erasure (Art. 17 GDPR)
– right to restriction of processing (Art. 18 f. GDPR)
– right to data portability (Art. 20 GDPR)
Please address any inquiries in this regard to firstname.lastname@example.org or call + 49 931 452814-0. Please note that we must take measures to ensure that any such inquiries are genuinely from the actual data subject.
You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority with responsibility for data protection.
Automated decision-making processes do not take place on our website.
Note on the right to object
Data subjects whose personal data are processed have the right to object at any time, on grounds
relating to their particular situation, to the processing of their personal data which is carried out on the basis of Art. 6 (1) e) or f) GDPR.
You can express your objection or send us notice of your objection at any time (e.g. by email to email@example.com or by calling 0931/4528140).
Where objections are raised, we will no longer process the personal data unless we can show compelling legitimate grounds for their processing which override the interests, rights and freedoms of the data subject, or if the data are processed for the establishment, exercise or defence of legal claims.
We do not process any personal data for direct marketing or profiling purposes. Notwithstanding the above, any data subjects whose personal data are processed have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or significantly affects them in a similar manner in the following cases:
– the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or
– the decision is authorised by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or
– the decision is taken with the express consent of the data subject.
In cases where the following applies:
– the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or
– the decision is taken with the express consent of the data subject,
we take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, the right to express a point of view and the right to contest the decision.
Any data subject wishing to exercise rights in respect of automated decision-making processes may contact our data protection officer or another employee of the data controller at any time.
Any data subject whose personal data are processed has the right to revoke consent to the processing of personal data at any time.
Any data subject wishing to exercise rights in respect of the revocation of consent may contact our data protection officer or another employee of the data controller at any time.
We have technical and organisational measures in place to protect our website and other systems and to prevent your data from being lost, destroyed, accessed, altered or distributed by unauthorised persons. Despite regular checks, however, it is not possible to provide full protection from all risks.
Data controller and contact person
Please write directly to the data protection officer below if you have any questions on the collection, processing or use of your personal data, if you have a request for information, rectification, blockage or erasure of data, or if you wish to revoke consent which has been granted or object to a specific use of data.
Data protection officer
Our data protection officer can be contacted at firstname.lastname@example.org.
Authority responsible for supervising
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 981 53-1300
Fax: +49 981 53 98-1300