Data protection information for clients

In principle, we only process our users’ personal data insofar as this is necessary, to provide a functioning website as well as our content and services. The processing of our users’ personal data only takes place on a regular basis with the consent of the user. An exception applies to cases, in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 sec. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 sec. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out precontractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation our company is subject to, art. 6 sec. 1 lit. c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 sec. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not prevail over the former interest, art. 6 sec. 1 lit. f of the GDPR serves as the legal basis said processing.

If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant access to the data, this will only be done on the basis of legal permission (e.g. if transmission of the data to third parties, such as to payment service providers, is required to fulfill the contract in accordance with art. 6 sec. 1 lit. b of the GDPR), you have consented, a legal obligation stipulates it or based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data based on a so-called “Agreement on data processing”, this is conducted based on art. 28 of the GDPR.

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do this in the context of using third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements pursuant to art. 44 ff. of the GDPR are met. That means processing takes place e.g. on the basis of specific guarantees, such as the officially recognised identification of an EU compliant data protection standard (e.g. for the US through the Privacy Shield) or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

The data subject’s personal data will be erased or blocked as soon as the purpose of the storage is no longer given. Furthermore, such storage may take place if this is stipulated by the European or national legislative authorities in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of the data also takes place if a retention period stipulated by the aforementioned standards expires, unless there is a need for the further storage of the data to conclude a contract or fulfill a contract. The data is blocked and not processed for other purposes. For instance, this applies to data, which must be retained for reasons subject to commercial or tax laws.

According to legal requirements, retention is, in particular, carried out for 6 years in accordance with § 257 sec. 1 of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual accounts, business letters, accounting records, etc.) and for 10 years in accordance with § 147 sec. 1 of the General Tax Code (AO) (books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation, etc.).

We take appropriate technical measures in accordance with art. 32 of the GDPR, taking the best available technology, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons into account and appropriate technical and organisational measures, to ensure a level of protection appropriate for the risk; in particular, measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access it is affected by, input, disclosure, securing availability and its separation. Furthermore, we have established procedures, which ensure data subject rights being able to be exercised, data erasure and a reaction to data vulnerability. Moreover, we already consider the protection of personal data in the development phase or selection of hardware, software as well as procedures, according to the principle of data protection by technology design and by privacy-friendly default settings (article 25 of the GDPR).

In particular, the encrypted transfer of data between your browser and our server belongs to the security measures. This also applies to the transmission of emails between our server and our clients.

We kindly ask you to stay informed regarding the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we conduct require it. We will notify you as soon as the changes require your becoming active (e.g. consent) or other individual notification becomes necessary.

You can request a confirmation from the controller on whether or not we have processed your personal data.

If your personal data has been processed, you can request to be informed of the following:

• the purposes for wich the personal data is processed;
• the categories of personal data, wich are processed;
• the recipients or categories of recipients, to whom your personal data was disclosed or will be disclosed;
• the planned duration of the storage of your personal data or, if specific information is not available here, criteria for determining the duration of storage;
• the existence of a right to rectification or erasure of your personal data, a right to the restriction of processing by the controller or a right to object to such processing;
• the existence of the right to lodge a complaint with a supervisory authority;
• all available information on the source of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making including profiling according to art. 22 sec. 1 and 4 of the GDPR and – at least in These cases – conclusive information

the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information on whether or not your personal data is transmitted to a third country or an international organisation. In this context, you can request being informed about the appropriate guarantees in accordance with art. 46 of the GDPR in connection with the transmission.

This right of access can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

You have a right to rectification and/or completion vis-á-vis the controller if your processed personal data is incorrect or incomplete. The controller must make the correction without delay.

Your right to rectification can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

You can request a restriction of the processing of your personal data under the following conditions:

• if you contest the accuracy of your personal information for a period of time, which allows the controller to review the accuracy of the personal data;
• the processing is illegal and you object to the erasure of the personal data and instead, request the restriction of the use of the personal data;
• the controller no longer requires the personal data for the purpose of processing however, you require it to assert, exercise or defend legal claims or
• if you objected to processing pursuant to art. 21 sec. 1 of the GDPR and it is not yet determined whether the controller’s legitimate reasons override your reasons.

If the processing of your personal data has been restricted, this data can only be processed – with the exception of its storage – with your consent and for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural person or legal entity or for reasons of a significant public interest of the Union or of a Member State.

If processing was restricted according to the preceding conditions, you will be informed by the controller before the restriction is lifted.

Your right to restriction of processing can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

a)     Obligation to erase

You can request the controller to immediately erase your personal data and the controller is obligated to immediately erase said data, provided that one of the following reasons applies:

• Your personal data is no longer required for the purpose, for wich it was collected or otherwise processed.
• You revoke your consent, wich was based on processing in accordance with art. 6 sec. 1 lit. a or 9 sec. 2 lit. a of theGDPR and there is no other legal basis for processing.
• You object to processing in accordance with art. 21 sec. 1 of the GDPR and there are no overriding legitimate reasons for said processing or you object to processing in accordance with art. 21 sec. 2 of the GDPR.
• Your personal data was processed illegally .
• The erasure of your personal data is required to fulfill a legal Obligation under European Union law or the law of the Member States, wich the controller is subject to.
• Your personal data was collected with regard to the offers of information society services in accordance with art. 8 sec. 1 of the GDPR.

b)     Information to third parties

If the controller publicised your personal data and is obligated to erase it in accordance with art. 17 sec. 1 of the GDPR, the controller will take appropriate measures taking the available technology and implementation costs into account, including technical means, to inform data controllers, which process the personal data, that you have requested them to erase all links pertaining to this personal data or copies or replications of this person data.

c)     Exceptions

There is no right to erasure if the processing is required

• to exercise the right to freedom of expression and information;
• to fulfill a legal obligation required by the law of the European Union or the Member States, which the controller is subject to or to carry out a task in the public interest or is carried out in exercising official authority, which was delegated to the controller;
• for reasons of public interest in the field of public health in accordance with art. 9 sec. 2 lit. h and i as well as art. 9 sec. 3 of the GDPR;
• for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89 sec. 1 of the GDPR, to the extent that the law referred to in section a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
• to assert, exercise or defend legal claims.

If you asserted the right to rectification, erasure or restriction of processing vis-á-vis the controller, the controller is obligated to notify all recipients, to which your personal data was disclosed, of this correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to request the controller to inform you of these recipients.

You have the right to receive the personal data you provided to the controller in a structured, prevalent and machine-readable format. You also have the right to transfer this data to another controller without any hindrance by the controller the personal data was made available to, provided that

• the processing is based on consent in accordance with art. 6 Abs. 1 lit. a GDPR or art. 9 sec. 2 lit. a of the GDPR or on a contract in accordance with art. 6 sec. 1 lit. b of the GDPR and
• processing is conducted using automated procedures.

In exercising this right, you also have the right to initiate that your personal data is directly transmitted to another controller by a controller, insofar as this is technically feasible. The freedoms and rights of other persons can not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or which takes place in exercising official authority, which was delegated to the controller.

You have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation and which is carried out in accordance with art. 6 sec. 1 lit. e or f of the GDPR; this also applies to a profiling based on these provisions.

The controller will no longer process your personal data unless it can verify compelling grounds for processing worthy of protection, which override your interests, rights and freedoms or processing serves asserting, exercising or defending legal claims.

If your personal data is processed to engage in direct advertising, you have the right to object to this processing of your personal data for the purpose of such advertising at any time; this also applies to profiling, insofar as it is associated with such direct advertising.

If you object to processing for the purpose of direct advertising, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in connection with the use of information society services, of exercising your right to object using automated procedures, which apply technical specifications.

You also have the right, for reasons that arise from your particular situation, to object to the processing of your personal data, which takes place for scientific or historical research purposes or for statistical purposes in accordance with art. 89 sec. 1 of the GDPR.

Your right to object can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and that the restriction is required to fulfil the research or statistical purposes.

You have the right to revoke your consent in line with data privacy at any time. The revocation of consent does not affect the legality of processing conducted based on consent until the revocation has been effected.

You have the right not to be subjected to a decision-making process based solely on automated processing – including profiling – which will have a legal effect on you or which will significantly affect you in a similar manner. This does not apply if the decision

• is required for the conclusion or implementation of a contract between you and the controller,
• is permissible based on Union or Member State legislation, which the controller is subject to and these statutory provisions contain adequate measures, to safeguard your rights and freedoms and your legitimate interests or
• take place with your explicit consent.

However, these decisions cannot be based on special categories of personal data according to art. 9 sec. 1 of the GDPR, unless art. 9 sec. 2 lit. a or g of the GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Regarding the cases referred to in (1) and (3), the controller will take appropriate measures to uphold the rights and freedoms and your legitimate interests, which at least include the right to obtain the intervention of an individual on the part of controller, to express one’s own position and be heard on contesting the decision.

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your abode, place of work or place of alleged violation if you believe, that the processing of your personal data violates the GDPR.

The supervisory authority the complaint was lodged with must inform the complainant of the status and results of the complaint including the possibility of a judicial remedy in accordance with art. 78 of the GDPR.

Our website is provided by our provider, with whom we have concluded a job processing contract. They provide us with infrastructure, storage space on the web server and technical support for the website.

Every time our website is called up our server automatically records data and information from the computer system of the computer making the call.

The following data is collected in the process:

• The user’s IP address,
• Date and time of the access,
• The http request method (GET, POST etc.),
• The transmission protocol used (http1.0, http1.1 etc.),
• Status information of the server (call successful, redirection etc.),
• Data quantity transmitted,
• Websites from which the user’s system came to our website,
• The address of the site making the call including per GET transferred data and
• Information about the browser type, the version used and the user’s operating system.

In the case of a security-relevant incident all headers of the http communication between the browser and server, as well as the contents sent back to the server answer, will also be logged.

The data will also be stored in our system’s logfiles. This data will not be stored together with user personal data.

The legal basis for temporary storage of data and logfiles is Art. 6 (1) f of the GDPR.

It is necessary for the system to store the IP address temporarily so as to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address has to be stored for the duration of the session.

This storage is made in logfiles so as to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. This data will not be evaluated for marketing purposes.

Our legitimate interest in these purposes can also be found in Art. 6 (1) f of the GDPR.

Data will be erased as soon as it is no longer required for the purpose of its collection. If data is recorded to provide the features of the website, this data be the erased once the relevant session has been ended.

If data is recorded in logfiles, this will be the case after fourteen days at the latest. Storage beyond this period is possible. In this case users’ IP addresses will be erased or masked so that no allocation to the client will be possible.

Recording data to provide the website and storing the data in logfiles is essential for operating the website. The user cannot object to this.

Our website uses cookies. Cookies are pieces of information transferred from our web server or third party-web servers to users’ web browsers and stored there to be called up later. Cookies may be small files or other types of information storage. Cookies contain characteristic strings that enable a clear identification of the browser.

We use so-called session cookies, which are only placed for the duration of the current visit to our website.

This is necessary in order to realise the functionality of our website. For example, this is the only way to enable your login status to be stored or the shopping basket to be provided and thus to use our online range at all.

A randomly generated, clear identification number will be placed in a session cookie, a so-called session ID. A cookie also includes disclosures about its origin and the duration of storage. These cookies cannot store any other data. Session cookies will be erased once you end your use of our online range and e.g. log out or close the browser.

Furthermore, currently we do not use cookies on our website, e.g. to analyse the browsing behaviour of users. The analysis of visitor access based on the pages accessed and the data transmitted by your system.

The following data can be transmitted in this manner:

• Search terms entered
• Utilisation of website functions

The user data collected in this manner is pseudonymised through technical precautions.

The legal basis for processing personal data when using technically necessary cookies is Art. 6 (1) f of the GDPR.

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for these functions that the browser is recognised again, including after changing pages.

The following are examples of applications that require cookies:

• Login, shopping basket and ordering process in an online shop
• Storing language settings
• Storing currency settings in an online shop
• Noting search terms

User data collected by technically necessary cookies will not be used to generate user profiles.

Our legitimate interest in processing personal data can also be found in Art. 6 (1) f of the GDPR.

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that are already stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.

Many marketing companies use cookies to measure reach and for advertising purposes. You can object to the use of these cookies,

• Via the deactivation site of the network advertising initiative (optout.networkadvertising.org),
• the US website (aboutads.info/choices) or
• the European website (youronlinechoices.com/uk/your-ad-choices).

On our website we use the open source software tool Matomo (formerly PIWIK) to analyze user behavior. If individual pages of our website are accessed, the following data is stored by the software:

• the first two bytes of the IPv4 address or the first six bytes of the IPv6 address of the calling system of the user (anonymous form),
• the website accessed,
• the website from which the user accessed the called website (referrer),
• the subpages that are called from the called web page,
• the time spent on the site,
• Frequency of a call of a site.

The software runs exclusively on the servers of our provider. A storage of the personal data of the users takes place only there. The data will not be passed on to third parties.

The software is configured so that IP addresses such as 123.456.789.123 or 2a01:4f8:191:5d00:136:243:202:140 are not stored completely, but the last two bytes of the IPv4 address or the last ten bytes of the IPv6 address are masked, so that an assignment of the shortened IP address 123.456.000.000 or 2a01:4f8:191:: to the calling computer is no longer possible.

The legal basis for processing personal data is Art. 6 (1) f of the GDPR.

Processing users’ personal data enables us to analyse the surfing behaviour of our users. By evaluating the data we have acquired, we are in a position to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user friendliness. Our legitimate interest in processing data for these purposes can also be found in Art. 6 (1) f of the GDPR. By anonymising the IP address users’ interests in protecting their personal data are sufficiently taken into account.

The data is deleted as soon as it is no longer needed for our recording purposes.

The deletion takes place monthly, i.e. after 31 days at the latest.

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.

On our website, we offer our users the option of opting out of the analysis process. Here a cookie is set on your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.

Further information on the privacy settings of the Matomo software can be found at the following link: https://matomo.org/docs/privacy/

Alternatively, users can tell us with their browser that they do not want us to perform an analysis. The do-not-track technology we use is a way for users to decide for themselves whether their behaviour is being tracked by websites, advertising networks and social networks. If users have set their browser to “I don’t want to be tracked,” Mamoto will not record those visits.

Instructions for Do-not-Track can be found here:

• Mozilla Firefox
  https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
• Google Chrome
  https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
• Safari
  https://support.apple.com/de-de/guide/safari/sfri40732/mac
• Microsoft Internet Explorer 11
  https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
• Microsoft Edge (Windows 10)
  https://privacy.microsoft.com/de-de/windows-10-microsoft-edge-and-privacy
• Opera
  http://help.opera.com/Windows/12.10/de/notrack.html

Wir betreiben eine Fanpage auf dem sozialen Netzwerk Facebook und greifen dazu auf die technische Plattform und die Dienste von Facebook zurück

Der Europäische Gerichtshof (EuGH) hat in seinem Urteil vom 5. Juni 2018 entschieden, dass der Betreiber einer Facebook-Fanpage gemeinsam mit Facebook für die Verarbeitung personenbezogener Daten verantwortlich ist. Die Verantwortung für unsere Fanpage tragen wir daher gemeinsam mit Facebook (Artikel 26 DSGVO). Die Zusatzvereinbarung hierzu finden Sie unter: facebook.com/legal/terms/page_controller_addendum

Wir weisen Sie zunächst darauf hin, dass Sie unsere Facebook-Fanpage und ihre Funktionen in eigener Verantwortung nutzen. Dies gilt insbesondere für die Nutzung der interaktiven Funktionen (z.B. Kommentieren, Teilen, Bewerten). Alternativ können Sie die über diese Seite angebotenen Informationen auch auf unserem Internet-Angebot unter www.treuhand.de abrufen.

Beim Besuch unserer Facebook-Seite erfasst Facebook u.a. Ihre IP-Adresse sowie weitere Informationen, die in Form von Cookies auf Ihrem PC vorhanden sind. Diese Informationen werden verwendet, um uns statistische Informationen über die Inanspruchnahme der Fanpage zur Verfügung zu stellen. Nähere Informationen hierzu stellt Facebook unter folgendem Link zur Verfügung: facebook.com/help/pages/insights

Im Rahmen unseres Facebook-Auftritts verarbeiten wir Facebook-Insights-Daten. Hierbei handelt es sich um statistische Daten wie die Gesamtzahl von Seitenaufrufen, „Gefällt mir“-Angaben, Seitenaktivitäten, Beitragsinteraktionen, Videoansichten, Beitragsreichweite, Kommentare, geteilte Inhalte, Antworten, Anteil Männer und Frauen, Herkunft bezogen auf Land, Stadt und Sprache. Auf die Art der zur Verfügung gestellten Daten haben wir keinen Einfluss.

Die von Facebook zur Verfügung gestellten Daten werden von uns genutzt, um unsere Beiträge attraktiver zu gestalten, Zielgruppen direkt anzusprechen und den richtigen Zeitpunkt der Veröffentlichung zu finden.

Die Verwendung der Facebook-Insights-Daten durch uns erfolgt gemäß Artikel 6 Absatz 1 f) DSGVO.

Die bei der Nutzung unserer Fanpage über Sie erhobenen Daten werden von der Facebook Ltd. verarbeitet und dabei gegebenenfalls in Länder außerhalb der Europäischen Union übertragen. Es ist davon auszugehen, dass Facebook die Daten für Werbezwecke, die Erstellung von Nutzerprofilen sowie zu Marktforschungszwecken verarbeitet. Welche Informationen Facebook verarbeitet, beschreibt Facebook in allgemeiner Form in seinen Datenverwendungsrichtlinien. Dort finden Sie auch Informationen über Kontaktmöglichkeiten zu Facebook sowie zu den Einstellmöglichkeiten für Werbeanzeigen. Die Datenverwendungsrichtlinien sind unter folgendem Link verfügbar: facebook.com/about/privacy

Die vollständigen Datenrichtlinien von Facebook finden Sie hier: facebook.com/full_data_use_policy

Zusätzliche Informationen finden Sie in den Datenschutzinformationen von Facebook unter: facebook.com/help/568137493302217 und den Informationen zu Seiten-Insights-Daten facebook.com/legal/terms/information_about_page_insights_data .

In welcher Weise Facebook die Daten aus dem Besuch von Facebook-Seiten für eigene Zwecke verwendet, in welchem Umfang Aktivitäten auf der Facebook-Seite einzelnen Nutzern zugeordnet werden, wie lange Facebook diese Daten speichert und ob Daten aus einem Besuch der Facebook-Seite an Dritte weitergegeben werden, wird von Facebook nicht abschließend und klar benannt und ist uns nicht bekannt.

Beim Zugriff auf eine Facebook-Seite wird die Ihrem Endgerät zugeteilte IP-Adresse an Facebook übermittelt. Nach Auskunft von Facebook wird diese IP-Adresse anonymisiert und nach 90 Tagen gelöscht. Facebook speichert darüber hinaus Informationen über die Endgeräte seiner Nutzer (z.B. im Rahmen der Funktion „Anmeldebenachrichtigung“); gegebenenfalls ist Facebook damit eine Zuordnung von IP-Adressen zu einzelnen Nutzern möglich.

Wenn Sie als Nutzerin oder Nutzer aktuell bei Facebook angemeldet sind, befindet sich auf Ihrem Endgerät ein Cookie mit Ihrer Facebook-Kennung. Dadurch ist Facebook in der Lage nachzuvollziehen, dass Sie diese Seite aufgesucht und wie Sie sie genutzt haben. Dies gilt auch für alle anderen Facebook-Seiten. Anhand dieser Daten können Inhalte oder Werbung auf Sie zugeschnitten angeboten werden.

Wenn Sie dies vermeiden möchten, sollten Sie sich bei Facebook abmelden bzw. die Funktion „angemeldet bleiben“ deaktivieren, die auf Ihrem Gerät vorhandenen Cookies löschen und Ihren Browser beenden und neu starten. Auf diese Weise werden Facebook-Informationen, über die Sie unmittelbar identifiziert werden können, gelöscht. Damit können Sie unsere Facebook-Seite nutzen, ohne dass Ihre Facebook-Kennung offenbart wird. Wenn Sie auf interaktive Funktionen der Seite zugreifen (Gefällt mir, Kommentieren, Teilen, Nachrichten etc.), erscheint eine Facebook-Anmeldemaske. Nach einer etwaigen Anmeldung sind Sie für Facebook erneut als bestimmbare Person erkennbar.

Informationen dazu, wie Sie über Sie vorhandene Informationen verwalten oder löschen können, finden Sie auf folgenden Facebook Support-Seiten: facebook.com/about/privacy#.php.

There is a contact form on our website that can be used to make contact electronically. If the user makes use of this possibility, all the data entered in the relevant screen will be transmitted to us and stored.

The following data will also be stored at the time of sending the message:

• The user’s IP address,
• Date and time of registration

Your consent will be obtained to process the data during the sending procedure and you will be referred to this Privacy Policy.

Alternatively, it is possible to make contact using the email address provided. In this case the user’s personal data transmitted with the email will be stored.

No data will be transferred to third parties in this connection. The data will be used exclusively to process the conversation.

The legal basis for processing this data is the existence of the user’s consent as per Art. 6 (1) a of the GDPR.

The legal basis for processing the data transmitted when sending an email is Art. 6 (1) f of the GDPR. If the aim of the email contact is to conclude a contract, an additional legal basis for this processing is Art. 6 (1) b of the GDPR.

The collection of the user’s email address is intended to deliver the newsletter.

The collection of any other personal data as part of the login procedure is intended to prevent any misuse of the services or the email address used and as proof that you have subscribed to the newsletter.

Data will be erased as soon as it is no longer required for the purpose of its collection. Accordingly, the user’s email address will be stored for as long as the newsletter subscription is active. Due to the burden of proof this also applies to any other personal data collected as part of the login procedure.

Within our online range we use third-party provider offers so as to include their contents and services, such as fonts, graphics, videos, maps, information etc. When calling up our website your browser will make a direct connection with the third-party provider’s servers so as to display the necessary contents. As a result, the corresponding third-party provider will receive information about the time and contents of use of this website, including users’ IP addresses. Depending on the service, additional information (e.g. geo-data for a route planner) may also be transmitted to the third-party provider.

We do not have any influence over the scope, further processing or use of data collected by third-party providers.

Third-party providers frequently use cookies so as to analyse user behaviour across different websites and to combine this information with other sources. This also applies to the use of so-called web beacons, small invisible graphics used for statistical or marketing purposes.

We refer to the third-party provider privacy policies for the concrete scope of data processing.

The legal basis for processing this data is Art. 6 (1) f of the GDPR. Third-party providers that process data outside the EU, process it in accordance with the Privacy Shield Framework.

The legal basis for processing this data is Art. 6 (1) f of the GDPR. Third-party providers that process data outside the EU, process it in accordance with the Privacy Shield Framework.

The duration of storage of the data can be taken from the third-party providers’ privacy policies.

You can generally prevent the integration of contents and services from third parties on our website by deactivating the use of Javascript in your browser. If the use of Javascript is deactivated for our website, it may no longer be possible to use all the functions of the website in full.

We refer to the third-party providers’ privacy policies for the possibility to object and for rectification.

Content:

Maps from OpenStreetMap (via proxy so the user’s IP address is not transmitted to the third-party provider)

Third party supplier:

Openstreetmap Foundation
132 Maney Hill Road
Sutton Coldfield
West Midlands B72 1JU
United Kingdom

Data protection: https://wiki.openstreetmap.org/wiki/Privacy_Policy.