Processing of personal data
1.1. VISITS TO OUR WEBSITE
1.1.1. Scope of data processing
When you visit our website, your browser transmits certain data to our web server for technical reasons. This information comprises the following data (known as “server log files”):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its access status/HTTP status code
- The volume of data transferred
- The website from which the request is received (“referrer URL”)
- Browser used, as well as the language and version of the browser software
1.1.2. Purpose of data processing
It is necessary to store this data in log files in order to safeguard website functionality. We use it to optimise the website and ensure that our IT systems remain secure.
1.1.3. Legal basis for processing
We collect this data on the basis of our legitimate interest within the meaning of Article 6(1f) GDPR, in order to display our website and guarantee your security.
1.1.4. Storage period
For security reasons (e.g. for clarifying misuse or acts of fraud), information in the log files is stored for a maximum of seven days and is then erased. Data that must be stored for longer for evidence purposes is exempted from erasure until the incident in question has been definitively resolved.
1.1.5. Options for objecting and erasure of data
For technical reasons, the collection of data for the purpose of providing the website and its subsequent storage in log files is essential for the operation of the website. Consequently, the user does not have the option to object.
2.2. CONTACT FORM AND E-MAIL CONTACT
2.2.1. Scope of data processing
We process the following data when you use the contact form on our website: first name, surname, street, house number, postcode, town/city, country, e-mail address (possibly: form of address, title, company, telephone number, mobile phone number, the message you sent and whether you have requested a callback.)
Alternatively, depending on the issue, you can contact us using the e-mail addresses we have provided. In this case, the sender’s personal data transmitted in the e-mail will be processed.
No data is disclosed to third parties in this context. The data is solely used to process the conversation and resolve the issue.
2.2.2. Purpose of data processing
The personal data from the input screen is processed so that we can make contact with you. This also constitutes the necessary legitimate interest in processing the data in the event that we contact you by e-mail. Any other personal data processed when you submit the form (e.g. IP address, date, time, etc.) is used to prevent misuse of the contact form and ensure that our IT systems remain secure.
2.2.3. Legal basis for processing
When a user contacts us (using the contact form or by e-mail), their details are processed for the purpose of handling and concluding the contact enquiry in accordance with Article 6(1b) GDPR.
2.2.4. Storage period
We erase personal data once it is no longer required to achieve the purpose for which it was collected. For personal data taken from the input screen of the contact form and the data transmitted via e-mail, this is the case if the relevant conversation with the user is terminated. The conversation is ended if it can be inferred from the circumstances that the issue in question or the request for information has been fully resolved.
2.2.5. Options for objecting and erasure of data
You have the option of withdrawing your consent to the processing of your personal data at any time.
If you contact us by e-mail, you can object to the storage of your personal data at any time. Please note that doing so will naturally mean that our conversation cannot be continued. Please communicate any withdrawal of this nature to email@example.com. All personal data that has been stored in the course of this communication will then be erased.
3.3.1. Scope of data processing
This does not work by association with you personally, but rather by assigning an identification number to the cookie (“cookie ID”). This cookie ID is not linked with your name, IP address or similar data that would enable the cookie to be linked to you.
This website uses persistent cookies.
a) Persistent cookies are automatically deleted after a specified time period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings for your browser.
3.3.2. Purpose of data processing
Some elements of our website require the requesting browser to be identified after moving to a new page. In these cases, it is necessary for the browser to be recognised after accessing a new page.
3.3.3. Legal basis for the data processing
Article 6(1f) GDPR provides the legal basis for the processing of personal data using cookies that are necessary from a technical perspective.
3.3.4. Storage period
Persistent cookies are automatically deleted after a specified time period.
3.3.5. Options for objecting and erasure of data
However, please note that you block or delete cookies, you may not be able to use of all the features on this website.
3.4. WEB ANALYTICS
3.4.1. Scope of data processing
We use Google Analytics on our website, which is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The data collected by Google in this process that concerns your use of the website (e.g. the pages you visit on our site) is transmitted to a Google server in the USA and stored and analysed there, and the results are made available to us in anonymised form.
We use the IP anonymisation feature on our website that is provided by Google. This means that your IP address is truncated prior to processing by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is truncated.
Google is certified under the EU-U.S. Privacy Shield, which guarantees a suitable level of data protection for data held by Google in the USA.
3.4.2. Purpose of data processing
Google uses this information on our behalf in order to evaluate use of our website and to compile reports about activity on our website. This enables us to improve your online experience to and increase the user-friendliness of our website.
3.4.3. Legal basis for processing
For the purposes indicated above, we have a legitimate interest in data processing carried out by Google Analytics. The legal basis in this instance is Article 6(1f) GDPR.
3.4.4. Storage period
Sessions and campaigns are ended after a certain period of time have elapsed. By default, sessions are ended after 30 minutes of inactivity and campaigns after six months. The maximum time limit for campaigns is two years.
3.5. GOOGLE REMARKETING
3.5.1. Scope of data processing
In addition to AdWords conversion tracking, we use Google AdWords remarketing (“Google marketing services”), an application provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
This is another method we use with a view to reaching out to you. This application makes it possible for our advertisements to be displayed to you when you continue to browse the Internet after visiting our website. This takes place by means of cookies saved in your browser, which enable Google to record and analyse your behaviour when visiting various websites. For information explaining what cookies are and how they can be deleted, see above. These cookies allow user behaviour to be analysed upon visits to our website, and subsequently to be used for targeted product recommendations and personalised advertising.
This means that Google can identify your previous visit to our website. Google has stated that the data collected as part of this remarketing is not combined with any of your personal data that Google may be storing. In particular, Google states that pseudonymisation is used in remarketing.
For these purposes, when you request our website and other websites on which Google marketing services are active, Google directly executes a code, developed by Google, and (re)marketing tags are integrated in the website (these tags are invisible graphics or code, known as “web beacons”). These are used to save an individual cookie, i.e. a small file, on the user’s device (comparable technology may be used instead of cookies). This file notes which websites are visited by the user, what content interests them and what offers they click on, as well as technical information concerning the browser and operating system, referrer websites, visit duration and other information relating to use of the website. In addition, the IP address of the user is recorded; as is the case for Google Analytics, the IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area, and is only sent to a Google server in the USA in full and truncated there in exceptional cases. The IP address is not linked to other data concerning the user within other Google platforms. The aforementioned information may be combined with such information from other sources by Google. If you request a website on the Google Network after visiting our website, you may be shown advertisements with content from our website.
Google is certified under the Privacy Shield arrangement and thereby provides a guarantee of its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
3.5.2. Purpose of data processing
Google uses this information, on our behalf, in order to bring previous visitors to our website back to our website and to target them using personalised advertising.
3.5.3. Legal basis for processing
We use this service on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and profitable business activity of our online content within the meaning of Article 6(1f) GDPR).
3.5.4. Storage period
Sessions and campaigns are ended after a certain period of time has elapsed. By default, sessions are ended after 30 minutes of inactivity and campaigns after six months. The maximum time limit for campaigns is two years.
3.5.5. Options for objecting and erasure of data
If you wish to object to personalized marketing by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
4. Data security
We take technical, organisational and contractual measures to safeguard the security of data processing in accordance with the state of the art. In so doing, we ensure that the provisions of data protection law, and the General Data Protection Regulation in particular, are complied with and that the data we process is protected against destruction, loss, modification and unauthorised access. These security measures include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for online data transfers is only active if the padlock symbol appears in the lower menu bar of your browser window and the address begins with “https://”. SSL (Secure Socket Layer) protects data transmission against illegal access by third parties using encryption technology. If this option is not available, you may also decide not to send certain data via the Internet.
All information that you send to us is stored and processed on our servers in the Federal Republic of Germany.
5. Disclosure of data to third parties and third-party providers
Data is only transferred to third parties in accordance with the statutory requirements. We only disclose user data to third parties if, for example, this is necessary for contractual purposes, on the basis of Article 6(1b) GDPR, or due to our legitimate interests, in accordance with Article 6(1f) GDPR, in the profitable and efficient operation of our business activities.
In the context of commissioned data processing in accordance with Article 28 GDPR, we engage sub-contractors for the provision of our services, in particular for the operation, maintenance, and hosting of the website. We have taken suitable legal precautions and appropriate technical and organizational measures in order to provide protection for personal data in accordance with the applicable statutory provisions.
6. Your rights
If we process personal data that concerns you, this means that you are a data subject as defined in the General Data Protection Regulation (GDPR), and that you have the following rights regarding us in relation to the personal data in question:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR)
You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.