We consider the protection of the confidentiality of the personal data provided by you and protecting this against unauthorised access to be one of our most important tasks. Therefore we apply the highest degree of care and the most modern security standards in order to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organisational measures which ensure that the regulations concerning data protection are complied with both by ourselves and by our external service providers.
The legislator requires that personal data be processed lawfully, in good faith and in a manner which can be understood by the data subject ("lawfulness, processing in good faith, transparency"). In order to ensure this, we wish to inform you of the individual statutory definitions which are also used in this data protection declaration.
1. Personal data
"Personal data" is all information which relates to an identified or identifiable natural person (hereinafter "data subject"); a natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by means of allocation to a label such as a name, number, location data or an online profile or by means of one or more special characteristics which are an expression of the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.
"Processing" is any process or any group of actions in connection with personal data carried out with or without the assistance of automated processes, such as gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.
3. Restriction of the processing
"Restriction of the processing" is the marking of saved personal data with the objective of restricting its processing in the future.
"Profiling" is any type of automated processing of personal data which means that this personal data is used in order to evaluate certain personal aspects which relate to a natural person, in particular in order to analyse or forecast aspects relating to work performance, economic position, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
"Pseudonymisation" is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without consulting additional information, provided that this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
6. File system
A "file system" is any structured collection of personal data which is accessible in accordance with specific criteria, regardless of whether this collection is managed centrally, in a decentralised manner or in accordance with functional or geographical criteria.
A "controller" is a natural or legal person, authority, institution or other body which takes decisions concerning the purpose and the means of the processing of personal data alone or with others; should the purposes and means of this processing be mandated by EU law or the laws of the Member States, the controller and the specific criteria of its appointment can be prescribed by EU law or the laws of the Member States.
8. Order processor
An "order processor" is a natural or legal person, authority, institution or other body which processes personal data on behalf of the controller.
A "recipient" is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether this is a third party or not. Authorities which may receive personal data within the framework of a specific investigation order under EU law or the law of the Member States are not however considered to be recipients; the processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in line with the purposes of the processing.
10. Third party
A "third party" is a natural or legal person, authority, institution or other body apart from the data subject, the controller, the order processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or order processor.
"Consent" of the data subject is any declaration of will issued voluntarily in the specific case in an informed manner with no misunderstanding in the form of a declaration of other clear confirming action, by means of which the data subject makes clear that he or she agrees to the processing of the personal data relating to him or her.
The processing of personal data is only lawful if a legal basis exists for this. In accordance with Article 6 Paragraph 1 Letters a) to f) GDPR, the legal basis for the processing can be the following in particular:
a. The data subject has issued his or her consent to the processing of the personal data relating to him or her for one or more specific purposes;
b. The processing is necessary to fulfil a contract where the contracting party is the data subject or in order to carry out pre-contractual measures which take place following a request by the data subject;
c. The processing is necessary to fulfil a contractual obligation to which the controller is subject;
d. The processing is necessary to protect vital interests of the data subject or another natural person;
e. The processing is necessary to carry out a task which is in the public interest or which takes place in the course of the exercising of public powers which have been transferred to the controller;
f. The processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, basic rights and basic freedom of the data subject which require the protection of personal data does not outweigh this, in particular if the data subject is a child.
(1) Below, we will inform you of the gathering of personal data when you use our website. Personal data can include your name, address, email addresses and user behaviour.
(2) When getting in touch with us by email or via a contact form, the data provided by you (your email address, if applicable your name and telephone number) is saved by us in order to respond to your queries. We delete the data which is gathered during the process, once the saving of the data is no longer necessary or we restrict the processing, should statutory retention obligations exist.
Should you use the website for purely information purposes, ie should you not register or provide us with other information, we only gather the personal data which your browser transfers to our server. Should you wish to view our website, we gather the following data which is technically necessary for us in order to display our website to you and to guarantee stability and security (legal basis is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR):
- IP address
- Date and time of the access
- Time zone difference to GMT
- Content of the request (concrete page)
- Access status / HTTP status code
- Respective transferred data quantity
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software
(1) In addition to the data named above, cookies are saved on your computer when you use our website. Cookies are small text files which are saved on your hard drive by the browser used by you and by means of which the location which sets the cookie is provided with certain information. Cookies cannot start any programs or transfer viruses to your computer. The purpose of cookies is to make the Internet service more user friendly and more effective overall.
(2) This website uses the following types of cookies, the scope and function of which will be described below:
- Temporary cookies (see a)
- Permanent cookies (see b)
a. Temporary cookies are automatically deleted when you close the browser. These include the session cookies in particular. These save a so-called session ID, by means of which various requests of your browser can be assigned to the joint session. By means of these, your browser can be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
b. Permanent cookies are automatically deleted after a prescribed period which can differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
c. You can configure your browser setting in accordance with your wishes and
reject the acceptance of third party cookies or all cookies as an example. So-called "third party cookies" are cookies which were set by a third party and as a result not by the actual website you are currently visiting. We wish to point out that should you de-activate cookies, you may not be able to use all functions of this website.
(1) Alongside use of our website merely for information purposes, we provide various services which you can use, should these be of interest. In order to do so, you are generally required to provide additional personal data, which we use in order to provide the respective service and for which the data processing principles stated above apply.
(2) In part, we use external service providers in order to process your data. These have been carefully selected and engaged by us, are bound by our instructions and are regularly monitored.
(3) In addition, we can pass your personal data on to third parties, should campaign participations, competitions, the conclusion of contracts or similar services be offered by us together with partners. You can obtain further information in this respect when you provide your personal data or in the description of the service below.
(4) Should our service providers or partners have their place of business in a country outside of the European Economic Area (EEA), we will inform you of the consequences of this position in the description of the service.
(1) Revocation of the consent
Should the processing of the personal data take place on the basis of consent which has been issued, you have the right to revoke the consent at any time. The revocation of the consent will not affect the lawfulness of the processing which took place prior to the issuing of the revocation.
You can contact us at any time in order to claim the right of revocation.
(2) Right of confirmation
You have the right to request confirmation from the controller as to whether we process personal data relating to you. You can request the confirmation at any time via the contact information above.
(3) Right of information
Should personal data be processed, you can request information relating to this personal data and the following information at any time:
a. The purposes of the processing;
b. The categories of personal data which are being processed;
c. The recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, in particular in case of recipients in third countries or in case of international organisations;
d. Where possible, the planned duration for which the personal data will be saved or should this not be possible, the criteria for determining this duration;
e. The existence of the right to have the personal data relating to you corrected or deleted or to have the processing by the controller restricted or to raise an objection to this processing;
f. The existence of a right to complain to a supervisory authority;
g. Should the personal data not be gathered from the data subject, all available information concerning the origin of the data;
h. The existence of automated decision making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and, at least in these cases, detailed information concerning the involved logic and the extent and intended effects of such processing for the data subject.
Should personal data be transferred to a third country or international organisation, you have the right to be informed of the suitable guarantees in accordance with Article 46 GDPR in connection with the transfer. We will provide a copy of the personal data which is the subject of the processing. For all other copies which you request, we can charge a reasonable fee on the basis of the administration costs. Should you issue the request electronically, the information will be provided in an up-to-date electronic format unless otherwise stated. The right to receive a copy in accordance with Paragraph 3 must not impair the rights and freedoms of other persons.
(4) Right of correction
You have the right to request that we immediately correct incorrect personal data relating to you. Taking the purposes of the processing into account, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.
(5) Right of erasure ("right to be forgotten")
You have the right to request that the controller immediately deletes personal data relating to you and we are obliged to immediately delete personal data, should one of the following reasons be present:
a. The personal data is no longer necessary for the purposes for which it was gathered or otherwise processed.
b. The data subject revokes his or her consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a) or Article 9 Paragraph 2 Letter a) GDPR and no other legal basis for the processing is present.
c. The data subject raises an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and no legitimate reasons for the processing which take priority exist or the data subject raises an objection to the processing in accordance with Article 21 Paragraph 2 GDPR.
d. The personal data was processed unlawfully.
e. The deletion of the personal data is necessary to fulfil a legal obligation under EU law or the laws of the Member States to which the controller is subject.
f. The personal data was gathered in connection with services provided by the information company in accordance with Article 8 Paragraph 1 GDPR.
Should the controller have made the personal data public and should it be obliged to delete it in accordance with Paragraph 1, then taking the available technology and implementation costs into account, it will take reasonable measures (also of a technical nature) in order to inform the responsible body which processes the personal data that a data subject has requested that all links to this personal data or copies or reproductions of this personal data be deleted.
The right of erasure ("right to be forgotten") does not apply should the processing be necessary:
In order to exercise the right to freely express one's opinion and information;
In order to fulfil a legal obligation which requires the processing under EU law of the laws of the Member States to which the controller is subject or in order to perform a task which is in the public interest or which takes place by means of the exercising of public powers which were transferred to the controller;
For reasons in the public interest in the area of public health in accordance with Article 9 Paragraph 2 Letters h) and i) and Article 9 Paragraph 3 GDPR;
For archiving purposes, economic or historical research purposes in the public interest or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, should the right named in Paragraph 1 be expected to make the attainment of the purposes of this processing impossible or to significantly impair it.
In order to assert, exercise or defend legal claims.
(6) Right to have the processing restricted
You have the right to request that we restrict the processing of your personal data, should one of the requirements below be present:
a. The correctness of the personal data is disputed by the data subject for a period of time which enables the controller to check the correctness of the personal data;
b. The processing is unlawful and the data subject rejects the deletion of the personal data and instead requests that the use of the personal data be restricted;
c. The controller no longer requires the personal data for the purposes of the processing, however the data subject requires it in order to assert, exercise or defend legal claims or
d. The data subject has raised an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
Should the processing have been restricted in line with the requirements stated above, this personal data (with the exception of its saving) will only be processed with the consent of the data subject or in order to assert, exercise or defend legal claims or in order to protect the rights of another natural or legal person or for reasons connected to an important public interest of the EU or a Member State.
In order to claim the right to have the processing restricted, the data subject can get in touch with us at any time via the contact details above.
(7) Right of data portability
You have the right to receive the personal data relating to you which you have provided to us in a structured, up-to-date and machine readable format and you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, should:
a. the processing be based on consent in accordance with Article 6 Paragraph 1 Letter a) or Article 9 Paragraph 2 Letter a) or on a contract in accordance with Article 6 Paragraph 1 Letter b) GDPR and
b. the processing takes place with the assistance of automated procedures.
When claiming the right of data portability in accordance with Paragraph 1, you have the right to have the personal data transferred from one controller directly to another controller, provided that this is technically possible. The claiming of the right of data portability does not affect the right of erasure ("right to be forgotten"). This right does not apply to processing which is necessary to carry out a task which is in the public interest or which takes place in the course of the exercising of public powers which have been transferred to the controller;
(8) Right of objection
You have the right to raise an objection to the processing of the personal data relating to you at any time for reasons connected to your specific situation where the processing takes place in accordance with Article 6 Paragraph 1 Letter e) or Letter f) GDPR; this also applies to any profiling which is based on these provisions. The controller will no longer process the personal data, unless it can prove mandatory protectable reasons for the processing which outweigh the rights and freedoms of the data subject or the purpose of the processing is the assertion, exercising or defence of legal claims.
Should personal data be processed in order to carry out direct advertising, you have the right to raise an objection at any time to the processing of personal data relating to you for the purposes of such advertising; this also applies to profiling, should it be connected to such direct advertising. Should you object to the processing for the purposes of direct advertising, the personal data will no longer be processed for these purposes.
In connection with the use of services of the information company, regardless of Directive 2002/58/EC, you can exercise your right of objection by means of automated procedures where technical specifications are used.
You have the right to raise an objection to the processing of personal data relating to you for reasons connected to your specific situation where this takes place for economic or historical research or statistical purposes in accordance with Article 89 Paragraph 1, unless the processing is necessary for fulfilment of a task which is in the public interest.
You can exercise the right of objection at any time by contacting the respective controller.
(9) Automated decisions in an individual case, including profiling
You have the right not to be subjected to a decision based exclusively on automated processing, including profiling which has legal effect on you or significantly impairs you in a similar manner. This does not apply should the decision:
a. be necessary in order to conclude a contract between the data subject and the controller:
b. be lawful under legal regulations of the EU or the Member States to which the controller is subject and the said legal measures contain reasonable measures for safeguarding the rights and freedoms and the legitimate interests of the data subject or
c. take place with the consent of the data subject.
The controller will take reasonable measures in order to safeguard the rights and freedoms and legitimate interests of the data subject, whereby this includes as a minimum the right to have a person intervene on the part of the controller, to set out one's own opinion and to contest the decision.
The data subject can exercise the right of objection at any time by contacting the respective controller.
(10) Right to complain to a supervisory authority
Regardless of other legal remedies under administrative laws or before a court, you also have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of employment or location of the alleged breach, should the data subject be of the opinion that the processing of the personal data relating to him or her breaches this regulation.
(11) Right to effective legal remedy before a court
Regardless of available legal remedies under administrative laws or out of court, including the right to complain to a supervisory authority, in accordance withArticle 77 GDPR you have the right to effective legal remedy before a court, should you be of the opinion that the rights to which you are entitled under this regulations have been infringed due to processing of your personal data which has not taken place in accordance with the provisions of this regulation.
(1) This website uses the web analysis service Matomo in order to analyse the use of our website and to regularly improve it. By means of the statistics which are generated, we can improve our service and make it more interesting to you as a user. The legal basis for the use of Matomo is Article6 Paragraph1 Sentence 1 Letter f) GDPR.
(2) For this evaluation, cookies are saved on your computer. The controller only saves the information which is gathered in this way on its server in Germany. You can prevent the evaluation by deleting the cookies and preventing the saving of cookies. Should you prevent the saving of cookies, we wish to point out that you may not be able to fully use this website. It is possible to prevent the saving of cookies by setting your browser accordingly. It is possible to prevent the use of Matomo be removing the following tick and activating the opt out plugin.
(3) This website uses Matomo with the "AnonymizeIP“ extension. By means of this, IP addresses are further processed in shortened form and as a result, it is not possible to trace a person. The IP address which is transferred by your browser by means of Matomo is not combined with other data gathered by us.
(4) The program Matomo is an open source project. Data protection information of the third party provider can be obtained from matomo.org/privacy-policy/
(1) On this website, we use the service of Google Maps. By means of this, we can display interactive maps to you directly in the website and this allows you to comfortably use the maps function.
(2) By means of the visit to the website, Google is informed that you have accessed the corresponding sub page of our website. In addition, the data named in § 3 of this declaration is transferred. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. Should you be logged in, your data will be assigned directly to your account. Should you not wish the assignment to your Google profile to take place, you need to log out before activating the button. Google saves your data as use profiles and uses this for purposes connected to advertising, market research and/or designing its website in line with customer demands. In particular, such an evaluation takes place (even for users who are not logged in) to provide advertising tailored to customer requirements and to inform other users of the social network of your activities on our website. You have a right of objection to the forming of these user profiles, whereby you need to contact Google in order to claim this.
(3) Further information concerning the scope and purpose of the data gathering and its processing by the plugin provider can be obtained in the data protection declarations of the provider. Here, you can also obtain further information about your rights in this respect and setting options in order to protect your private sphere: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.
We use external service providers (order processors) to send goods, our newsletter or process payments as examples. A separate order data processing agreement has been concluded with the service provider, in order to guarantee the protection of your personal data.
We work with the following service providers:
- HANSALOG GmbH & Co. KG