This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services as well as within our online offer and the websites associated with it, Functions and content as well as external online presences, such as our social media profile (collectively referred to as the “Online Offer”). With regard to the terms used, such as “processing” or “responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Types of data processed
– Inventory data (e.g., personal master data, names or addresses).
– Contact details (e.g., e-mail, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (hereinafter we refer to the data subjects collectively also as “users”).
Purpose of processing
– Providing the online offer, its functions and content.
– Respond to contact requests and communicate with users.
– Security measures.
– Range measurement/marketing
‘Personal Data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); identifiable is a natural person who is directly or indirectly, directly or indirectly, directly or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics. which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
‘Processing’ means any operation carried out with or without the aid of automated procedures or any series of operations relating to personal data. The term goes far and includes virtually every handling of data.
‘pseudonymisation’ means the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional data may be information is kept separately and subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
‘profiling’ means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to to analyse or predict the performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.
“Responsible” means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.
‘processor’ means a natural or legal person, authority, body or other body processing personal data on behalf of the controller.
Relevant legal bases
In accordance with Article 13 GDPR, we shall inform you of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies:
The legal basis for obtaining consent is Article 6(4) of the 1 lit. a and Article 7 GDPR;
The legal basis for the processing for the performance of our services and the implementation of contractual measures as well as answering requests is Art. 1 lit. b GDPR;
The legal basis for processing to fulfil our legal obligations is Article 6(4) of the 1 lit. c GDPR;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(4) of the 1 lit. d GDPR as legal basis.
The legal basis for the necessary processing to carry out a task which is in the public interest or carried out in the exercise of official authority, which has been entrusted to the controller, is Article 6(4) of the 1 lit. e GDPR.
The legal basis for processing in order to safeguard our legitimate interests is Article 6(4) of the 1 lit. f GDPR.
The processing of data for purposes other than those for which it was collected is determined in accordance with the provisions of Article 6(3) of the 4 GDPR.
The processing of special categories of data (according to Art. 9 sec. 1 GDPR) is determined in accordance with the provisions of Article 9(1) of the GDPR. 2 GDPR.
We shall take place in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, ensuring availability and availability. Separation. In addition, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and a response to data threats. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and by data protection-friendly presets.
Cooperation with processors, joint managers and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transmit them to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), have consented to the performance of the contract, have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and in addition to a legal appropriate basis.
Transfers to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or in the context of the use of third-party services or disclosure or transmission of Data to other persons or companies is only done if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or leave the data only in third countries with a recognised level of data protection, including u.S. processors certified under the “Privacy Shield” or based on special guarantees, such as contractual obligation through so-called standard safeguard clauses of the EU Commission, to process the existence of certifications or binding internal data protection rules (Art. 44 to 49 GDPR, information page of the EU Commission).
Rights of data subjects
Right of access: You have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data as well as to further information and copy of the data in accordance with the legal requirements.
Right to rectification: you have the right to rectification accordingly. the legal requirements, the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to demand that the data in question be deleted immediately, or alternatively, in accordance with the legal requirements, a restriction on the processing of the data data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format, in accordance with the legal requirements, or to transmit it to another responsible.
Complaint to the supervisory authority: You also have the right to lodge a complaint with the competent supervisory authority in accordance with the legal requirements.
You have the right to revoke consents given with effect for the future.
Right to object
Right of objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which may be used under Article 6(4) of the 1 lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
Cookies and right of objection in direct marketing
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart can be stored in an online shop or a login status. “permanent” or “persistent” are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the users visit it after several days. Likewise, such a cookie may store the interests of users used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their cookies, they are called “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.
Deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with the legal requirements. Unless expressly stated in the context of this data protection declaration, the data stored by us will be deleted as soon as they are no longer necessary for their purpose and no legal retention obligations preclude deletion.
Unless the data is deleted because it is necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Users can create a user account. In the course of registration, the required mandatory information shall be communicated to the users and, on the basis of Article 6(4) of the 1 lit. b GDPR for the purpose of providing the user account. The data processed includes in particular the login information (name, password and an e-mail address). The data entered during the registration process will be used for the purposes of using the user account and its purpose.
Users can be informed by e-mail about information that is relevant to their user account, such as technical changes. If users have cancelled their user account, their data will be deleted with regard to the user account, subject to a legal retention obligation. It is the responsibility of users to secure their data before the end of the contract if they have been terminated. We are entitled to irretrievably delete all data of the user stored during the term of the contract.
As part of the use of our registration and registration functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user in protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless it is necessary for the prosecution of our claims or there is a legal obligation to do so in accordance with the Art. 1 lit. c. GDPR. The IP addresses will be anonymized or deleted after 7 days at the latest.
Retrieving profile images from Gravatar
We use the Gravatar service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our online offer and in particular in the blog.
Gravatar is a service where users can log in and store profile pictures and their email addresses. If users with the respective e-mail address leave posts or comments on other online presences (especially in blogs), their profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address provided by the users is transmitted encrypted to Gravatar in order to check whether a profile is stored for it. This is the sole purpose of transmitting the e-mail address and it is not used for other purposes, but is subsequently deleted.
The use of Gravatar is based on our legitimate interests within the meaning of Art. 1 lit. f) GDPR, as with the help of Gravatar we offer the post and comment writers the opportunity to personalize their posts with a profile picture.
If users do not want a user image associated with your email address with Gravatar to appear in the comments, you should use an email address for commenting, which is not stored with Gravatar. We would also like to point out that it is also possible to use an anonymous or no e-mail address if the users do not want their own e-mail address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our comment system.
Retrieving emojis and smilies
The use of the emojis is based on our legitimate interests, i.e. interest in an attractive design of our online offer according to. Art. 1 lit. f. GDPR.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details for processing the contact request and processing it in accordance with Art. 6 sec. 1 lit. b. (in the context of contractual/pre-contractual relations), Article 6(1) lit. f. (other requests) GDPR processed. Users’ information can be stored in a customer relationship management system (“CRM system”) or similar request organization.
We will delete the requests if they are no longer required. We check the necessity every two years; In addition, the statutory archiving obligations apply.
Hosting and email ingesting
The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail, security, and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in efficient and secure provision of this online offer in accordance with Art. 1 lit. f GDPR in art. 28 GDPR (conclusion of order processing contract).
Cloudflare Content Delivery Network
We use a so-called “Content Delivery Network” (CDN), offered by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield Agreement and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
A CDN is a service that provides faster delivery of content from our online offering, especially large media files, such as graphics or scripts, with the help of regionally distributed servers connected over the Internet. The processing of the data of the users is carried out solely for the aforementioned purposes and the maintenance of the security and functionality of the CDN.
The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis and optimization of our online offer in accordance with Art. 1 lit. f. GDPR.
Facebook Pixels, Custom Audiences, and Facebook Conversion
Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.
With the help of the Facebook pixel, Facebook is able to identify the visitors of our online offer as the target group for the presentation of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads posted by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we submit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads correspond to the potential interest of the users and do not seem annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes, in which we can see whether users have been redirected to our website after clicking on a Facebook ad (so-called ” conversion”).
The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general notes on the presentation of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy. For specific information and details about the Facebook pixel and how it works, see the Help section of Facebook: https://www.facebook.com/business/help/651294705016616.
If we ask the users for consent (e.g. within the scope of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR).
Facebook is certified under the Privacy Shield Agreement and thereby pledges to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
You may object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Online social media presences
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.
We would like to point out that data of the users can be processed outside the area of the European Union. This can create risks for users, as this could, for example, make it more difficult to enforce users’ rights. With regard to US providers that are certified under the Privacy Shield, we would like to point out that they are committed to complying with EU data protection standards.
Furthermore, users’ data is usually processed for market research and advertising purposes. For example, user profiles can be created from the usage behaviour and the resulting interests of the users. The usage profiles can in turn be used to run, for example, advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the user’s behaviour and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the personal data of the users takes place on the basis of our legitimate interests in the effective information of the users and communication with the users in accordance with Art. 6 sec. 1 lit. f. GDPR. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. a., Art. 7 GDPR.
For a detailed presentation of the respective processing and the opposition options (opt-out), we refer to the following linked information of the providers.
Even in the case of requests for information and the assertion of user rights, we would like to point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Integration of third-party services and content
Within our online offer, we place content or service offers based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR). third parties to include their content and services, such as videos or fonts (hereinafter referred to as “Content”).
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information on how to evaluate visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, technical information about the browser and operating system, referring websites, visit time as well as further information on the use of our online offer as well as such information from other sources.
To our knowledge, the data of the users are used by OpenStreetMap exclusively for the purpose of displaying the map functions and caching the selected settings. This data may include, in particular, IP addresses and location data of the users, which are not collected without their consent (usually carried out within the framework of the settings of their mobile devices).