Status January 14th, 2020
We appreciate your interest in our website. The protection of your privacy in the processing of personal data and the security of all commercial information is an important concern for us, which we take into account in our business processes. This is to inform you in detail about how your data is handled.
RESPOMSIBILITY ACCORDING TO ART. 4 ABS. 7 EU-GENERAL DATA PROTECTION REGULATION (GDPR)
Abraham de Veerstraat 9
DATA PROTECTION OFFICER OF THE ENTITY
Directors: Jirka Lissewski, Dennis Quintenz, Gerrit Korner, Lennart Berens
Email: [email protected]
LEGAL FRAMEWORK FOR THE PROCESSING OF PERSONAL DATA
In accordance with Art. 13 GDPR, we will inform you about the legal basis of our data processing. For users within the territory of the EU and the EEC the EU General Data Protection Regulation (GDPR) shall apply as legal basis as follows:
(1) Insofar as we obtain the consent for the processing of personal data from the subject person, Art. 6, para. 1 lit. a GDPR serves as legal basis.
(2) For the processing of personal data required for the fulfillment of a contract whose contractual party is the subject person, Art. 6 Para 1 lit. b GDPR serves as legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6, para 1 lit. c GDPR serves as legal basis.
(4) In the event that vital interests of the subject person or of another natural person require the processing of personal data, Art. 6, para 1 lit. d GDPR serves as legal basis.
(5) If processing is necessary to safeguard a legitimate interest of our company or of a third party and if these interests, fundamental rights and freedoms of the subject do not outweigh the interests of the former, Art. 6, para 1 lit. f GDPR serves as legal basis for processing.
(6) The processing of data which is required to fulfill obligation in the public interest or in the exercise of official authority is subject to Art. 6 para. 1e GDPR .
(7) The processing of data for purposes other than those for which they were collected is determined by the provisions of Art. 6, para 4 GDPR.
(8) The processing of special categories of data (in accordance with Art. 9, para 1 GDPR) is governed by Art. 9, para 2 GDPR.
DELETION OF DATA AND STORAGE TIME
(1) The personal data of the subject person will be deleted or blocked as soon as the purpose of the storage ceases to apply.
(2) In addition, data may be stored if this was intended by the European or Maltese legislator in EU regulations, laws or other provisions to which the responsible entity is subject.
(3) The data will also be blocked or deleted when a storage period stipulated by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
(4) The Need of storage of the data will be checked by us on a regular basis.
INFORMATION ON THE COLLECTION OF PERSONAL DATA
(1)You will find information on the collection of personal date when using our website as follows. Personal data includes all data that is relatable to you personally, i. e. name, address, E-Mail addresses, user behavior.Specifically, these are:
– historical data (e.g., customer data, names, addresses).
– contact data (e.g., e-mail, phone numbers).
– content data (e.g., texts, photos, videos).
– usage data (e.g., visited content, access times).
– Meta / communication data (e.g., device information, IP addresses).
(2) When you contact us by E-Mail or via a contact form, we will store the data you provide (your E-Mail address, if necessary your name and your telephone number) in order to answer your questions. We will delete the data arising from this context once the storage is no longer necessary or limit the processing if statutory storage periods exist.
(3) If we use contracted service providers for individual functions of our offer or if we want to use your data for advertising purposes, we will inform you in detail on the respective processes as stated below. This will include the defined criteria for the storage period.
Collection of personal Data when visiting our Website
For purely informational use of the website, i. e. if you don’t register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is a technical requirement for us in order to display our website to you and to guarantee stability and security (Art. 6, para 1 p. 1 lit. f GDPR serves as legal basis.):
• Host name
• Date and time of inquiry
• Time Zone difference with Greenwich Mean Time (GMT)
• Contents of the inquiry (specific page)
• Access status/HTTP status code
• Respectively transmitted amount of data
• Website from which the inquiry originated (Referrer)
• Specific pages of our website that you accessed
• Browser: type, version and set language
• Operating system: type and version
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text fields that are stored on your hard disk allocated to the browser you use and through which certain information flows towards the site setting the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer overall more user-friendly and effective.
(2) This website uses Transient Cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the collective session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
(3) The storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this website may be used without cookies.
OTHER FUNCTIONS AND OFFERS OF OUR WEBSITE
(1) Besides the purely informational use of our website, we offer various services that you can use if you are interested. As a general rule, you will have to provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases we use external service providers to process your data. These have been carefully selected and mandated by us, are bound by our instructions and examined on a regular basis.
(3) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the service.
RIGHTS OF THE SUBJECT PERSON
This clause provides information on your rights as a subject person according to Art. 15 GDPR. You can exercise these rights at all times and contact us directly on that account. If you claim these rights from us, we will examine them in detail under consideration of the associated legal requirements and restrictions. In this context we may ask you for further information. We will explain in detail the results of our audit and our procedure for the fulfillment of your inquiry. It is possible that we cannot fully comply with your requests in the way you wish.This should not deter you from claiming your rights from us or asking us about them. We will be happy to answer all your questions.
(1) Right of Information
Sie haben das Recht, von uns jederzeit Auskunft zu verlangen, ob und welche Daten zur Ihrer Person von You have the right to request information from us at any time as to whether and which of your personal data is processed by us. This also includes information on the purposes of processing, if necessary on recipients to whom we have disclosed data about you, the planned storage period and, if necessary, information on the origin of this data, unless we have collected this data directly from you. In addition, you have the right to a one-time free copy of your personal data stored with us. We reserve the right to charge an appropriate administration fee for further copies.
(2) Right of Correction
You have the right to ask us for the correction of inaccurate data that we are storing with regards to your person. This also includes the right to completion of incomplete personal data.
(3) Right of Deletion
You have the right to ask us for the deletion of data that we are storing with regards to your person. If we published data about you, this also includes our obligation, as part of the “right to being forgotten” in line with Art. 17, para. 2 GDPR, to forward your request for deletion, all links to this data as well as copies or replicas concerning this data, to other responsible entities for the processing of this published personal data, taking into account available technology and the cost of implementation. The stored data will be deleted as soon as they will be no longer necessary for their purpose and the deletion does not conflict with any legal archiving requirements.
(4) Right of Restriction of Processing
You have the right to ask us for the restriction of processing of data that we are storing with regards to your person. Thereafter the processing of this data will only be possible with your consent or for selected, legally defined purposes.
(5) Right of Objection of Processing
Insofar as we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case when the processing is in particular not necessary to fulfil a contract with you, as described respectively for each function below. When exercising such objection, we ask you to explain why we should not process your personal data in the way we have done. In the event of your reasonable objection we will examine the factual and legal situation and either stop or adapt the data processing or we will present you with our imperative reasons worthy of protection, on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at all times. You can inform us about your advertising objection using the contact channels listed above.
(6) Right to revoke a data protection consent
If you have given your consent to the processing of your data, you can revoke it at all times. Such a revocation affects the admissibility of the processing of your personal data after you expressed it to us.
(7) Right of Transfer of Data
You have the right to receive information about yourself that you have provided to us, from us in a structured, common and machine-readable format for the purpose of transfer to another responsible entity. At your request, taking into account the available technical possibilities, this also includes the direct transfer from us to the other responsible entity.
(8) Right of Appeal to a Supervisory Authority
You have the right to complain about your processing of your personal data to a data protection supervisory authority at any time. For Estland the supervisory authority is the Andmekaitse Inspektsioon. Contact data: Postal Address Tatari 39, Tallinn 10134, Estland, Call Centre: 627 4135, E-mail: [email protected]
(9) Automated Decision making including Profiling according to Art. 4, para 4 GDP.
You have the right to obtain information on the existence of automated decision-making, including profiling, in accordance with Art. 22, para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and intended effects of such processing for the subject person..
6 IMPLEMENTATION OF THIRD PARTY’S SERVICES
(1) On this website we also use the fonts (“Google Fonts”) of the provider Google LLC. By using these items we can offer you a better user comfort on our website. This serves should increase the attractiveness of our website. The legal basis for the use of these items is Art. 6 para. 1 sentence 1 lit. f GDPR.
(2) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the following privacy statements provided by these providers. There you will also find further information about your rights and settings options for the protection of your privacy.
(4) Addresses of the respective providers and URL of their privacy statements:
a) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices). Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
Privacy statement: https://www.google.com/policies/privacy/
b) YouTube YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Die YouTube, LLC ist einer Tochtergesellschaft der Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a single page is viewed and a YouTube video has been integrated, the internet browser on the affected person’s system will automatically be prompted to download a representation of the corresponding YouTube video. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. If the person is logged in to YouTube at the same time, YouTube recognizes the person by calling the YouTube video. This information will be collected by YouTube and Google and associated with the affected person’s YouTube account.
For the duration of use of software products and up to 9 months thereafter, personal data will be stored at this provider. For more information, see their privacy statement at https://www.zoho.eu/en/privacy.html (or https://www.zoho.com/privacy.html).
c) Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA und außerhalb der USA: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
By calling up the website, the integrated Facebook plug-in collects data about the visitor and also assigns their Facebook account to a logged-in person. For an overview of all the pug-ins, see: https://developers.facebook.com/docs/plugins/. We point out that we as the provider of the links to these platforms are not aware of the content of the transmitted data and their use by Facebook.
d) Telegram Messenger LLP. 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK.
By using your telegram account information about your contacts, visited groups and your contributions are collected and processed. For more information about the privacy of Telegram, see your account: Telegram FAQ: „What are your thoughts on internet privacy ?“ and „What about GDPR ?“. We point out that as providers of links to these platforms, we are not aware of the content of the transmitted data and their use by Telegram.
e)Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By using Twitter website, the integrated Twitter button collects data about the visitor and assigns their Twitter account to a logged-in person. Details about the Twitter buttons are available at https://about.twitter.com/resources/buttons. Please note that as a provider of links to these platforms we are not aware of the content of the transmitted data and their use by Twitter.
f) Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ist eine Tochtergesellschaft der Facebook Inc.
If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of our pages with your user account. Please note that as a provider of links to these platforms we are not aware of the content of the submitted data and their use by Instagram.
Technical and organizational measures (TOM) acc. Art. 32 GDPR
We comply with legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons. Therefore we implemented appropriate technical and organizational measures to ensure a suitable level of protection against detected risks.