Information about data protection
This page contains information about data protection in connection with our online offer, in particular relating to what personal data will be collected regularly, or in relation to a concrete enquiry, when visiting our website. We will also inform you about the purpose and the legal basis upon which processing takes place in each case, and what rights you have in this respect as a visitor to the website.
We have endeavoured to keep explanations as clear as possible and will be happy to answer any enquiries. You can find the corresponding contact data at the end of this document.
Note: Where terms such as “data controller”, “data subject”, “personal data”, “processing”, etc. appear in the following text, at these points we have used the definitions from Article 4 of the European General Data Protection Regulation (EU GDPR). You can find the text of the EU GDPR e.g. here: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX:02016R0679-20160504.
Processing personal data
With our online offer, we would like to inform you of our products and services, among other things, and give you the chance to get in touch with us easily or to avail yourself of our services. Insofar as we process personal data within the framework of our online offer, beyond the core purpose this also takes place for each of the purposes respectively specified in this data protection declaration.
Accessing our online offer
In order for us to be able to transfer the content of our online offer that you access (e.g. pictures, text, documents) to your computer, we record the IP address that is assigned to your computer at the time of access. The legal basis of this processing is Article 6 Para. 1 lit b GDPR. We also use this data to combat improper use and to pursue associated criminal offences, and in this respect we base this on Article 6 Para. 1 lit f (our legitimate interest in this case: to ensure proper data processing and the availability of our online offer).
Insofar as you share personal data (name, address, contact details) with us within the framework of an enquiry, a booking or an order, these are exclusively used for the processing of this request, for the assignment of a requested offer or for the processing of a resultant contractual relationship. The legal basis of this processing is therefore Article 6 Para. 1 lit b GDPR. Without the availability and the processing of this data it is not possible to process your enquiry, booking or order. Nevertheless, insofar as the processing of data affecting you is based on your consent in individual cases (Article 6 Para. 1 lit a GDPR), you can revoke this consent at any time. However, this does not affect the legality of the processing conducted up until revocation.
Transfer to third parties
Insofar as we disclose your personal data to other persons and companies within the framework of processing (order processors or third parties), transfer data to these or grant them access in some other manner to this data, in each case this is only done on the basis of legal permission. This can result from contract fulfilment (Article 6 Para. 1 lit b GDPR) of a consent granted by you (Article 6 Para. 1 lit a GDPR), a legal obligation (Article 6 Para. 1 lit c GDPR) or due to our legitimate interests (Article 6 Para.1 lit f GDPR). This may be, for example, service providers in the Web hosting sector, email marketing, software development or service providers in customer care or order processing.
If we commission third parties to process your personal data, this is always done on the basis of a corresponding contract for order processing in accordance with Article 28 GDPR. We carefully select service providers and regularly check the observance of data protection with these partners. When transferring data we take precautions to ensure that persons other than the contractually-bound service provider do not gain knowledge of your personal data. The service providers commissioned by us are obligated by the order processing contract to exclusively process your data in accordance with our instructions and in accordance with the respectively applicable data protection standards. They are also prohibited from processing the data for any other reason than the agreed purpose.
We do not sell your data to third parties and do not market them in any other way.
If required for clarification of illegal use of our online offer or for prosecution, we will also transfer your personal data to law enforcement authorities without your explicit permission as well as to affected third parties, where applicable, insofar as concrete indications exist for illegal or abusive behaviour. Data transfer can also occur if this serves to implement conditions of use or other agreements. In addition, we are legally obligated to disclose information to certain public authorities upon request. These are law enforcement authorities, authorities that are empowered to impose fines and financial authorities. In these cases, the transfer of your data is based on our legitimate interest in the combating of abuse, the prosecution of criminal offences and the protection, validation and assertion of claims (Article 6 Para. 1 lit. f GDPR) or for fulfilment of a corresponding legal obligation (Article 6 Para. 1 lit c GDPR).
Transfers to third countries
Insofar as we process data in a third country (i.e. outside the European Union or the European Economic Area) or where this takes place within the framework of availment of services of third parties, or disclosure or transfer of data to third parties, we ensure that it only takes place within the framework of the aforementioned legal permissions, hence in general only for fulfilment of (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interest. Furthermore, we ensure that we only process personal data in a third country if special conditions exist in accordance with Article 44 ff. GDPR, that is, particularly on the basis of special guarantees such as the specification of a data protection level that corresponds to that of the European Union. This also includes the observation of officially acknowledged contractual obligations (standard contractual clauses of the European Union).
Security of data processing
We apply technical and organisational security measures to protect the personal data provided by you from accidental or deliberate manipulation, loss, destruction or unauthorised access by third parties. We also contractually demand these measures from our service providers that have contact with or that could gain contact to personal data. Insofar as you have the option of passing us personal data within the framework of our online offer (contact forms or similar), the transfer takes place using strong encryption.
Standard periods for the deletion of data
We routinely delete personal data when the deadlines for retention obligations set by the legislator have expired. Insofar as your personal data is not affected by this, it is deleted or anonymised when the purposes specified within the framework of this data protection declaration lapse. If this data protection declaration does not contain any other, deviating provisions with respect to the storage of data, the data collected by us will be stored as long as is necessary for the named purposes for which it was collected.
Misuse detection and prosecution
We will retain information for the detection of misuse and for the prosecution of misuse, especially the IP address recorded when accessing information from our online offer, for a maximum of 7 days. The legal basis for this is Article 6 Para. 1 lit. f GDPR. Here, our legitimate interest is in the trouble-free operation of our online offer and in the prevention of misuse or attacks on our online offer.
Temporary cookies (session cookies) are generally of fundamental importance to the function of our website. For example, this includes the assignment of anonymous session IDs to bundle several requests on a Web server or the faultless function of logins and orders. These temporary cookies are automatically deleted after the end of your visit. Other (persistent) cookies remain stored on your end device until you delete them. These cookies allow us to recognise your browser again on your next visit.
You can set your browser so that you are informed whenever cookies are set and to only allow cookies in individual cases, to exclude the acceptance of cookies in certain cases or in general and to activate automatic deletion of cookies when the browser is closed. If cookies are deactivated the functionality of this website can be restricted.
Cookies that are required to provide certain functions (e.g. shopping basket function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. As provider of these functions we have a legitimate interest in the storage of these cookies for the technically faultless and optimum provision of our services. Insofar as other cookies are stored (e.g. cookies for analysis of your surfing behaviour), we will refer to these separately at another point in this data protection declaration.
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Any cookies that are already stored can be deleted in the system settings of the browser. Independently of this, you can also generally declare an opposition to the use of direct marketing cookies and, where applicable, associated tracking on websites such as e.g. http://www.aboutads.info/choices/ (USA) or http://www.youronlinechoices.com/.
Your rights with respect to the processing of personal data
Right to information
You have the right to demand information about whether we are processing your personal data. If this is the case, in accordance with Article 15 Para. 1 GDPR we must provide information about
- the reasons for processing;
- the categories of personal data that are processed;
- the recipient or categories of recipients to whom the personal data has been disclosed or will be disclosed, especially in the case of recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for specifying this duration;
- the existence of a right to notification or deletion of your personal data or to restriction of processing by the data controller or a right to opposition to this processing;
- the existence of a right to complain to a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the existence of an automated decision-making process including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the desired effects of such processing for you as the data subject.
The information is to be made available by us within one month of receipt of your enquiry. Please note that we may need proof of your identity so that we can comply with your claim for information.
Right to rectification of incorrect data
If your personal data is incorrect, you have the right to have this immediately corrected by us (Article 16 GDPR).
Right to erasure
Under certain circumstances, you have a right to immediate erasure of your personal data. This is the case if, for example, the personal data is no longer needed for the purposes for which it was originally collected, if you have revoked consent that is required for processing or a legal basis required for processing is not present for other reasons. The data must also be deleted if you have objected to processing and no overriding reasons exist for the processing of your personal data. In the case of direct advertising, the data must be deleted in any case if you have objected to its processing. You can find further details in Article 17 GDPR.
Right to restriction of processing
Under certain circumstances you have a right to restrict processing of your personal data (Article 18 GDPR). This is the case if, for example, the processing performed by us is not legal but you refuse to have it deleted, instead demanding that its use is restricted. In the same way, processing is to be restricted while we check whether our legitimate interests for processing outweigh your objection.
Right to data portability
Article 20 GDPR establishes your right to receive the data that affects you and that you have provided to us in a conventional, structured and machine-readable format, or to transfer this data to another data controller, for example another service provider. However, a prerequisite of this is that the processing of this data is based on consent or a contract, and takes place by means of automated processes.
Right of objection
In accordance with Article 21 GDPR, you have the right to submit an objection to the processing of your personal data if there are reasons for this that result from your particular situation, insofar as this is data that occurs on the basis of Article 6 Para. 1 lit. e or f GDPR. This also applies to profiling that is based upon these provisions. In this case, we will cease processing of the data, insofar as we cannot provide compelling and legitimate reasons for processing that outweigh your interests, rights and freedoms or if the processing serves for validation, exertion or defence of legal claims.
You can validate all of the aforementioned rights by post or by sending an email to us. You can find the corresponding contact data at the end of this document.
Right to lodge a complaint with a supervisory authority
You have the option of turning to a supervisory authority if you have concerns or concrete grievances with respect to the processing of personal data carried out by us. For example, you could contact the supervisory authority that is responsible for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Data Protection and Freedom-of-Information Officer North Rhine Westphalia)
PO Box 20 04 44
Telephone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
Upon contacting us (e.g. via the contact form, email, telephone or via social media), the personal data you transfer will be processed for handling the contact request and its response in accordance with Art. 6 Para. 1 lit. b) GDPR.
This personal data will not be passed to third parties, insofar as this is not necessary for processing of the enquiry and is hence covered by permission in accordance with Article 6 Para. 1 lit. b GDPR.
We delete requests when processing is no longer required. We check necessity every two years; furthermore, the statutory archiving obligations apply.
We use hosting services from an external service provider for the provision of this online offer. Here, we or our hosting service provider process inventory data, contact data, content data, contractual data, utilisation data, meta and communication data of customers, prospective customers and visitors of this online offer on the basis of our legitimate interest for the efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded an agreement for order processing with the corresponding service provider in accordance with Art. 28 GDPR and thus guarantee that they will also implement data protection.
Collection of access data and log files
We or our hosting service provider collects protocols and statistics about each access to the server on which our online offer is provided. This access data includes the name of the accessed website, file, date and time of the access, transmitted data quantity, report about successful retrieval, browser type along with its version, the user’s operating system, referrer URL (the page visited beforehand), IP address and the requesting provider. The legal basis of this processing is Art. 6 Para. 1 lit. f. GDPR. Our legitimate interest lies in the technically faultless provision of this online offer and in the clarification of misuse or criminal offences.
For security reasons (e.g. the clarification of misuse or fraudulent actions), the aforementioned information will be stored for a maximum of 7 days and then deleted or completely anonymised. Data whose further storage for evidence purposes is necessary is excepted from the deletion until the respective case is finally clarified.
Range measurement with Matomo
This website uses the open source Web analysis service Matomo, via which we particularly implement range analyses. The legal basis for this is our legitimate interest in the analysis, optimisation and commercial operation of our website (Art. 6 Para. 1 lit f GDPR). When you access pages of our online offer, Matomo processes the following data:
- the browser type and browser version used by you,
- the operating system used by you,
- your country of origin,
- the date and time of the server query,
- the number of visits,
- the time you spend on the website and
- the external links that you activate.
Your recorded IP address is anonymised before it is stored.
You can object to anonymised data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is placed in your browser, which means that Matomo will collect no more session data. However, the Matomo opt-out cookie will also be deleted if you delete your cookies in the browser. The opt-out then has to be activated again on your next visit to our website.
Link to opt-out
Telephone: +49 (0) 201 / 8917681
Fax: +49 (0) 201 / 8917682
This data protection information is valid as of 25th May 2018.