21614 Hansestadt Buxtehude
Tel.: +49 4161 732 8181
Managing Director/Owner: Andy Damnig
Types of data processed
– Inventory data (e.g.: personal information, names or addresses).
– Contact data (e.g.: e-mail, phone numbers).
– Content data (e.g.: text entries, photographs, videos).
– Usage data (e.g.: websites visited, interest in content, access times).
– Meta/communication data (e.g.: device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (we hereinafter refer to the data subjects collectively as “Users”).
The purpose of the processing
– Provision of the online offer, its functions and content.
– Respond to contact requests and communication with users.
– Safety measures.
– Range measurement/marketing.
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a person is regarded as identifiable when they can be identified, directly or indirectly, in particular by being linked to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more specific physical, physiological, genetic, mental, economic, cultural or social identity characteristics of this natural person.
“Processing” means any procedure carried out with or without the help of automated processes or any such series of procedures in connection with personal data. The term is extensive and covers virtually every use of data.
‘Pseudonymisation’ is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyses or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
The natural or legal person, public authority, agency or other body which alone or jointly with others decides the purposes and means of the processing of personal data is referred to as the “responsible party”.
The “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible party.
Relevant legal foundations
The legal basis for obtaining consent is section 6 paragraph 1 letter a and section 7 of the GDPR;
The legal basis for the processing in order to provide our services and carry out contractual activities as well as to respond to enquiries is section 6 paragraph 1 letter b of the GDPR;
The legal basis for the processing in order to fulfil our legal obligations is section 6 paragraph 1 letter c of the GDPR;
In the event that the vital interests of the data subject or another natural person require the processing of personal information, section 6 paragraph 1 letter d of the GDPR serves as the legal basis.
The legal basis for the required processing in order to perform a task carried out in the public interest or in the exercise of public authority assigned to the responsible party is section 6 paragraph 1, letter e of the GDPR.
The legal basis for the processing in order to exercise our legitimate interests is section 6 paragraph 1 letter f of the GDPR.
The processing of data for purposes other than those for which they were obtained is governed by section 6 paragraph 4 of the GDPR.
The processing of special categories of data (in accordance with section 9 paragraph 1 of the GDPR) is governed by the specifications of section 9 paragraph 2 of the GDPR.
In accordance with the legal regulations and taking into consideration the state of the art, the implementation costs along with the type, scope, circumstances and the purposes of the processing as well as the different probabilities of occurrence and the severity of the risk for the rights and freedoms of natural persons, we shall take appropriate technical and organisational measures to ensure an adequate level of protection.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as the relevant access, input, disclosure, securing the availability and the separation. We have also implemented procedures that guarantee the rights of the data subject, the right to deletion of data and response to risks to the data. In addition, we have taken into consideration the protection of personal data during the development or selection of hardware, software and procedures in accordance with the principle of the data protection through design and configurations that promote data protection.
Cooperation with order processors, jointly responsible parties and third parties
If, in the context of our data processing, we disclose data to any other persons or companies (order processors, jointly responsible parties or third parties), transmit or otherwise grant them access to the data, this is only carried out on a legally permissible basis (for example, if the transmission of data to third parties such as to payment service providers is required for the fulfilment of the contract), if users have given their consent, a legal obligation requires such or on the basis of our legitimate interests (e.g. due to the use of agents, web hosts, etc.).
If we disclose data to other companies within our group of companies, transmit or otherwise grant them access, this is carried out, in particular, for administrative purposes as a legitimate interest and, furthermore, in accordance with the corresponding legal basis.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA) or outside of the Swiss Confederation) or within the framework of the use of services from third parties or this takes place when utilising third-party services due to disclosure or transfer of the data to other persons or companies, this is only carried out in order to fulfil our (pre-)contractual obligations on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country where the legal requirements exist. This means that the processing is carried out, for example, on the basis of special guarantees such as the officially recognised determination of a data protection level corresponding to the EU (for example, due to the “privacy shield” for the United States) or compliance with officially recognised special contractual obligations.
Rights of the data subject
You have the right to obtain confirmation as to whether the corresponding data is processed and to request information about this data and also for additional information and a copy of the data according to the legal requirements.
You have the right, in accordance with the legal requirements, to demand the completion of your data or the correction of inaccurate data.
As stipulated by the legal requirements, you have the right to demand that your data be deleted immediately or, alternatively, demand the restriction of the processing of the data in accordance with the legal regulations.
You have the right to demand the personal data that you have provided to us in accordance with the legal requirements and request it be transferred to another responsible party.
Furthermore, you also have the right, in accordance with the legal requirements, to lodge a complaint with the responsible supervisory authority.
Right of revocation
You have the right to revoke consent granted, effective for the future.
Right of objection
You can object to the future processing of your personal data in accordance with the legal regulations at any time. The objection can apply, in particular, to the processing for purposes of direct marketing.
Cookies and right of objection to direct advertising
“Cookies” are small files that are stored on the users’ computers. Diverse information can be stored in the cookies. A cookie’s primary purpose is to save the information about a user (or the device on which the cookie is stored) during or even after the visit to an online offer. Cookies that will be deleted after a user leaves an online offer and closes the browser are referred to as temporary cookies, namely “session cookies” or “transient cookies”. Such a cookie can save, for example, the contents of a shopping basket in an online shop or a login status. Cookies which remain stored even after closing the browser are referred to as “permanent” or “persistent” cookies. For example, the login status can be saved when the users return to the website several days later. Such a cookie can also store the interests of users which are used for range measurement or marketing purposes. Cookies from providers other than the responsible party that operates the online offer are referred to as “third-party cookies” (cookies exclusively from the responsible party are referred to as “first party cookies”).
If users do not want cookies to be saved on their computer, they are requested to disable the relevant option in the system settings of their browser. Saved cookies can be deleted via the system settings of the browser. The exclusion of cookies can result in functional limitations of this online offer.
Deletion of data
If the data is not deleted because it is required for other legally permissible purposes, then its processing shall be restricted. This means that the data shall be locked and will not be processed for other purposes. This applies, for example, for data that must be retained due to commercial or tax law.
We process the data of our contract partners and other interested parties as well as other clients, customers or contract partners (uniformly referred to as “contract partners”) in accordance with section 6 paragraph 1 letter b of the GDPR in order to provide them with our contractual or pre-contractual services. The processed data, the type, scope, purpose and necessity of processing are determined by the fundamental contractual relationship.
The processed data includes the master data of our contract partners (e.g. names and addresses), contact information (such as e-mail addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment information (e.g. bank details, payment history).
We do not generally process special categories of personal data unless these are an integral part of ordered or contractual processing.
We process data that is required for the justification and fulfilment of the contractual services and refer to the necessity for its provision if this is not evident to the contract partner. Data is only disclosed to external persons or companies if this is required as part of a contract. When processing of the data provided to us in the context of an order, we act in accordance with the instructions provided by the customer as well as the statutory regulations.
In the context of the use of our online services, we can save the IP address and the time of the respective user activity. The storage is carried out on the basis of our legitimate interests as well as in the interests of the users to protect against misuse and other unauthorised use. This data is not transferred to third parties unless this is required in order to pursue our claims in accordance with section 6 paragraph 1 letter f of the GDPR or a legal obligation in accordance with section 6 paragraph 1 letter f of the GDPR exists.
The data is deleted if the data is no longer required for the fulfilment of contractual or statutory obligations or to address any warranty and comparable obligations, whereby the need for the storage of the data is reviewed every three years; in all other cases, the statutory retention obligations apply.
Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks and the organization of our operations, financial accounting and compliance with legal obligations such as the archiving. In these cases, we process the same data which we also process as part of the provision of our contractual services. The legal basis for this processing is section 6 paragraph 1 letter c of the GDPR and in accordance with section 6 paragraph 1 letter f of the GDPR. The processing affects customers, prospective customers, business partners, and site visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation and data archiving, namely activities that serve to maintain our business activities, perform our duties and provide our services. The deletion of the data with regard to the contractual services and the contractual communication corresponds to the information referred to in these processing activities.
We disclose or transmit this data to the financial management, consultants such as tax consultants or auditors as well as other fee collection authorities and payment service providers.
In addition, on the basis of our business interests, we save information on suppliers, event organisers and other business partners, for example, for the purpose of later contact. We store the majority of this business-related data on a permanent basis.
Economic analyses and market research
In order to operate our business economically, identify market trends and the needs of contract partners and users, we analyse the data available to us regarding business transactions, contracts, enquiries, etc. We process inventory data, communication data, contract data, payment data, usage data and meta-data based in accordance with section 6 paragraph 1 letter f of the GDPR, where the data subjects consist of contract partners, prospective customers, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In the process, we can take into account the profiles of the registered users, for example, such as information on the services they have used. The analyses help us to improve the user-friendliness, to optimise our offer and the operating efficiency. The analyses are used exclusively by us and are not disclosed externally with the exception of anonymous analyses with aggregated values.
If these analyses or profiles relate to specific persons, they are deleted or made anonymous when the user terminates the contract or otherwise two years from the date of conclusion of the contract. In addition, the overall business analyses and general trend analyses are created anonymously wherever possible.
When contacting us (e.g. via the contact form, e-mail, telephone or via social media), the information of the user is processed in order to fulfil the contact request and its processing in accordance with section 6 paragraph 1 letter b of the GDPR (in the context of contractual/pre-contractual relations)or section 6 paragraph 1 letter f of the GDPR (other enquiries). The information provided by the users can be saved in a customer relationship management system (“CRM System”) or a comparable enquiry organisation.
We delete the enquiries as soon as they are no longer required. We review the necessity every two years. Furthermore, the statutory archiving obligations apply.
Hosting and e-mail
The hosting services that we utilise serve to provide the following services: Infrastructure and platform services, computing capacity, storage space, and database services, e-mail, security services as well as technical maintenance services which we use for the purposes of the operation of this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, prospective customers and visitors of this online offer on the basis of our legitimate interests with regard to efficient and secure provision of this online offer in accordance with section 6 paragraph 1 letter f of the GDPR and section 28 of the GDPR (conclusion of order processing contracts).
Collection of access data and log files
We or our hosting provider collect data about each access to the server on which this service is operated (server log files) on the basis of our legitimate interests in accordance with section 6 paragraph 1 letter f of the GDPR. The access data includes the name of the web page accessed, the file, date and time of the access, amount of data transferred, notification of successful access, web browser with version, the operating system of the user, referrer URL (the page previously visited), IP address, and the requesting provider.
For security reasons (e.g. to investigate misuse or fraudulent activities), log file information is saved for a maximum period of 7 days and then deleted. Data which must be stored for longer periods as evidence is excluded from deletion until the final resolution of the respective incident.
Range measurement with Matomo
In the context of the range analysis from Matomo, the following data is processed on the basis of our legitimate interests (i.e., in the interest of analysis, optimisation and economic operation of our online offer in accordance with section 6 paragraph 1 letter f of the GDPR): your browser type and browser version, operating system, your country of origin, the date and time of the server request, the number of visits, your time spent on the website as well as the external links clicked. The IP address of the user is anonymised before it is saved.
Users can object to the anonymised data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, an opt-out cookie stored in your browser and Matomo does not collect any session data as a result. If users delete their cookies, the opt-out cookie is deleted and must, therefore, be reactivated by the users.
User data logs will be deleted after 6 months at the latest.
Integration of services and content from third parties
Within our online offer and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in accordance with section 6 paragraph 1 letter f of the GDPR), we utilise content or service offers from third-parties in order to integrate their content and services, such as videos or fonts (hereinafter referred to uniformly to as “content”).
This always requires that the third-party providers of this content see the IP address of the users as they cannot send content to their browsers without the IP address. The IP address is, thus, necessary to display this content. We strive to use only such content whose respective provider only utilises the IP address for the delivery of the content. Third-party providers can also use pixel tags (invisible images also known as “web beacons”) for statistical and marketing purposes. The “pixel tags” information can be used to analyse information such as visitor traffic on the pages of this website. Furthermore, the anonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system used, referring websites, visit time as well as further information about the use of our online offer and also be connected with such information from other sources.
Created with Datenschutz-Generator.de from RA Dr. Thomas Schwenke