Data privacy

Data privacy statement according to the GDPR

 I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection legislation of the member states as well as other data protection provisions is:

FRÄNKISCHE Rohrwerke
Gebr. Kirchner GmbH & Co. KG
Hellinger Str. 1
97486 Königsberg / Germany
Phone: +49 95 25 88-0
Fax: +49 95 25 88-150
E-mail: info@fraenkische.de
Website: www.fraenkische.com

II. Name and address of the data protection officer

The data protection officer of the controller is:

Lawyer
Konstantin Malakas
Steinbachtal 2b
97072 Würzburg / Germany
Phone: +49 931 29 98 08-0
Fax: +49 931 29 98 08-8
E-mail: datenschutz@fraenkische.de
Websites: www.malakas.de; www.weblawyer.de

III. General information on data processing

  1. Scope of processing personal data

We generally collect and process personal data of our users only insofar as this is required to provide an operative website and for our contents and services. Collection and use of personal data of our users regularly takes place only after consent of the user. An exception applies in those cases when obtaining consent beforehand is not possible for actually valid reasons, and processing of data is permitted by law.

  1. Legal basis for processing personal data

As far as we obtain consent from a data subject for processing operations of personal data, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing of personal data is required for the performance of a contract to which the data subject is the contractual party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for conducting pre-contractual measures.

When processing of personal data is required for compliance with a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

When processing is required to maintain a legitimate interest of our company or of a third party and when the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for processing.

  1. Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose for storage lapses. In addition, storage can take place if provided for by European or national legislators in EU ordinances, laws or other regulations which the controller is subject to. Blocking or erasure of data is also carried out when a storage period stipulated in the standards referred to expires unless there is a need for further storage of data for the conclusion of a contract or contractual performance.

 IV. Provision of the website and creation of logfiles

  1. Description and scope of data processing

With every access of our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • The operating system of the user
  • The internet service provider of the user
  • The IP address of the user
  • The date and time of the access
  • Websites from where the system of the user is referred to our website
  • Websites which are accessed from the user’s system via our website

The data are also stored in the logfiles of our system. Storage of these data together with other personal data of the user does not take place.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6 Para. 1 lit. f GDPR.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow provision of the website to the user’s computer. This requires the IP address of the user to be stored for the duration of the session.

The storage in logfiles takes place to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. Analysis of the data for marketing purposes does not take place in this context.

These purposes also represent our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

  1. Duration of storage

The data will be erased as soon as they are no longer required for the achievement of the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished.

In the case of storing the data in logfiles, this is the case after 14 days. Storage beyond that time is possible. In this case, the IP addresses of the users are pseudonymised or anonymised so that an association with the accessing client is no longer possible.

  1. Means of objection and elimination

The collection of data for the provision of the website and the storage of data in logfiles is imperative for the operation of the website. Consequently, the user has no possibility to object.

 V. Use of cookies

  1. Description and scope of data processing

We use cookies to make our website as user-friendly as possible.

Cookies are small text files that a FRÄNKSICHE web server (e.g., the web server of www.fraenkische.com) sends to your browser when you access a website. This cookie contains a characteristic string which enables the browser to be clearly identified when the website is accessed again. Session cookies expire at the end of the browser session and can record your actions during this one browser session. Permanent cookies, on the other hand, remain stored on your device also between different browser sessions and can record your settings or actions on several websites.

Cookies generally do not pose any danger to your computer since they are only text files and not executable programs.

The cookies of FRÄNKISCHE websites (www.fraenkische.com) serve, on the one hand, to facilitate the use of our websites and, on the other hand, for market research and advertising purposes, as well as the collection of usage statistics. We furthermore use cookies within the context of the web tracking and use them as the basis for personalised content.

In addition to the session cookies, which are deleted when you end your browser session, we also use permanent cookies. These cookies will remain stored until you delete them. No personal data are stored in the cookies we use.

Depending on the settings of your browser, the cookie file is stored or dismissed. If the file is saved, our web server will be able to recognise your device. During later visits and when switching between functions requiring you to enter a password, you can save some entries thanks to the cookie. Hence, cookies facilitate using our websites that require user input. In addition, cookies can help us provide you with a web offer tailored to your needs as much as possible.

If you do not want this, you can disable cookies as described below:

Set your browser such that it rejects our cookies if you wish to use our websites without cookie functionality. What you need to do exactly differs depending on the browser you use, which is why we cannot describe this in more detail at this point.

If your browser is already set such that it displays a warning every time it receives a cookie, you can decide on a case-by-case basis whether you want to accept the cookie or not. However, when you access each of our individual websites, our identification cookie has to be sent anew, and these notifications might quickly become very annoying.

We therefore recommend that you set your browser such that it always allows cookies from www.fraenkische.com. You can define this setting individually for individual websites. In this case, for example, your text input in form fields can be stored for further queries so that re-entering this is not required the next time you visit our websites. Of course, we can then also present you with personalised content.

Some elements of our website require the accessing browser to be identified even after a page change.

The following data are stored and transmitted in the cookies:

  • Language settings
  • Log-in information
  • Search terms entered
  • Frequency of page views
  • Use of website features

The data of users collected in this way will be anonymised by technical means. Therefore, an association of the data with the accessing user is no longer possible. The data will not be stored together with other personal data of the user.

When visiting our website, the user will be informed about the use of cookies for analysis purposes and referred to this data privacy statement by means of an info layer. In this context, there will also be a notification as to how the storage of cookies can be prevented in the browser settings.

Please find more information on how to use or how to disable cookies atwww.meine-cookies.org or www.youronlinechoices.com.

Regardless of cookies stored, for security reasons, you will need to log in again for each access to sections of our website requiring registration.

a) Third-party cookies

In addition, FRÄNKSICHE integrates third-party content on fraenkische.de. These third parties may set cookies when you visit our websites and thus, for example, obtain the information that you have accessed our websites under www.fraenkische.com. Please visit the websites of the third parties for more information about how they use cookies. If you have decided not to consent to the use of cookies subject to consent or to revoke this (disabling cookies), you will see only the functions of our websites whose use we can make available without these cookies.

b) Social media (Facebook, Google+, Twitter)

You will also find services of our company in online networks offered by other companies on the internet (Facebook, Google, Twitter).

You can use these services only if you are registered and logged in with the respective social network. Therefore, you should note that the usage and data protection terms and conditions of the respective service provider apply to the use of the respective social network.

  • Our websites use social plug-ins (“plug-ins”) of the following social networks: Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland, recognisable by the Facebook logo (white or blue “f” on a blue or white tile)
  • Google+, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, recognisable by the Google+ logo (a red “g” followed by “+1”)
  • Twitter, a micro-blogging service of the US company Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, recognisable by the Twitter logo (a blue bird)

We have no influence over the extent of the data the service providers obtain by using their plug-ins, and therefore inform you according to our level of awareness: As a result of the plug-in integration, the service provider will be notified that you have accessed the respective page of our website. If you are logged in to the respective service provider, they can associate the visit with your account. If you interact with the plug-ins, e.g., by clicking the Recommend button, the respective information will be transmitted by your browser directly to the respective service provider and will be stored there. If you are not a member of a service provider, you must expect the respective service to learn about your IP address and store it. If you are a member of a service provider and do not want them to collect data about you via our internet presence and associate this with your account data stored with the respective service provider, you need to log out with the respective service provider before clicking the button of the social network.

Please obtain further information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options to protect your privacy from the data protection regulations of the service providers.

Facebook: https://www.facebook.com/privacy/explanation and http://www.facebook.com/full_data_use_policy

Google+:   www.google.com/intl/de/policies/privacy/

Twitter:     http://twitter.com/privacy

  1.  Legal basis for data processing

The legal basis for data processing under the presence of consent by the user is Art. 6 Para. 1 lit a GDPR.

The legal basis for processing of data transmitted in the course of the use of the plug-in is Art. 6 Para. 1 lit. f GDPR.

  1.  Purpose of data processing

The purpose of application of technically necessary cookies is facilitating the use of websites for users. Some functions of our website cannot be provided without the use of cookies. For these functions, it is necessary that the browser is recognised again even after a change of pages.

The user data collected by technically necessary cookies will not be used to create user profiles.

The use of analysis cookies is carried out for the purpose of improving the quality of our website and its contents. We learn how the website is used on the basis of the analysis cookies, and can thus constantly optimise our offer.

Google cookies are used for the collection of web statistics in particular.

We use cookies by social media service providers to give users the opportunity to interact with the other services used by them.

These purposes also represent our legitimate interests in processing personal data according to Art. 6 Para. 1 lit. f GDPR.

  1.  Duration of storage

Cookies are stored on the user’s computer and transmitted to our website from there. Therefore, you as a user have full control over the use of cookies. By modifying the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be automated.

With regard to the duration of the data storage by the respective social media service provider and your rights and setting options to protect your privacy, we refer to the above links to the data privacy information of the respective service providers.

Please also note that when you delete cookies, you might also delete the opt-out cookies which could lead to the actually desired effect failing to materialise. If you have deleted all your cookies in the browser, you must therefore set the respective opt-out cookie again.

  1.  Means of objection and elimination

You have the possibility to disable the cookie settings in your browser as described in V. 1 at any time. If no active disabling takes place, elimination is only possible by deleting them from your system. There is no right to objection for technical reasons.

With regard to the means of objection and elimination with the respective social media service providers and your rights and setting options to protect your privacy, we refer to the above links to the data privacy information of the respective service providers.

VI .Newsletter

  1. Description and scope of data processing
    a) Our website offers you the possibility to subscribe to a free newsletter. When subscribing to the newsletter, the data from the input mask is transmitted to us.

(1) E-mail address (mandatory field)
(2) Newsletters from the desired area (mandatory field)
(3) Title
(4) First name
(5) Last name
(6) Company
(7) Street and house number
(8) Postal code and city
(9) Country
(10) Telephone
(11) Department affiliation

In addition, the following data are collected upon subscription:

  • IP address of the accessing computer
  • Date and time of registration

Within the framework of the subscription process, your consent for the processing of data is obtained and this data privacy statement is referred to.

b) If you purchase goods or services from our website and provide your e-mail address while doing so, this may subsequently be used by us for sending a newsletter. In such a case, only direct advertising for own similar goods or services is distributed via the newsletter.

In the context of data processing for the distribution of newsletters, there is no disclosure of data to third parties. In addition to the distribution of the newsletter, the data are also used to generate user profiles.

  1. Legal basis for data processing

The legal basis for data processing following subscription to the newsletter by the user under the presence of consent by the user is Art. 6 Para. 1 lit a GDPR.

The legal basis for the distribution of the newsletter following the sale of goods or services is Section 7 Para. 3 UWG (Law Against Unfair Competition).

  1. Purpose of data processing

The collection of the e-mail address of the user is used to deliver the newsletter.

The collection of other personal data in the context of the subscription process is used to prevent an abuse of the services or of the e-mail address used.

  1. Duration of storage

The data will be erased as soon as they are no longer required for the achievement of the purpose of their collection. The e-mail address of the user will hence be stored as long as the subscription to the newsletter is active.

Other personal data collected as part of the registration process will be deleted after seven days.

  1. Means of objection and elimination

The respective user can cancel the subscription to the newsletter at any time. Each newsletter contains a corresponding link for this purpose.

This also allows a revocation of the consent to the storage of personal data collected during the subscription process.

VII.    Provision of the website and creation of a customer account

In the event that you exercise the option of creating a customer account via our websites and register, the following information will be collected from you and stored for the duration of the existence of your customer account.

  1.  Description and scope of data processing

You will register with the following data when you create a customer account:

  • Salutation
  • First name (mandatory field)
  • Last name (mandatory field)
  • Address with street, country, postal code and city/town (mandatory fields)
  • Personnel number (mandatory field)
  • E-mail address for billing (mandatory field)
  • Password for the customer account (mandatory field)
  • Order comment

The information provided in (1) to (7) will be automatically transferred into our customer management program and stored there for the fulfilment of the request of the ordered goods.

  1.  Legal basis for data processing

The legal basis for the automated transfer of data into our customer management program is Art. 6 Para. 1 lit. b GDPR.

The legal basis for the permanent storage of the data in our customer management program is Art. 6 Para. 1 lit. c GDPR, because we have a legal obligation to archive documents regarding business transactions.

The legal basis for the temporary storage of data and logfiles is Art. 6 Para. 1 lit. f GDPR.

  1.  Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow provision of the website to the user’s computer. This requires the IP address of the user to be stored for the duration of the session.

The storage in logfiles takes place to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. Analysis of the data for marketing purposes does not take place in this context.

These purposes also represent our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

The automated transfer into our customer management program as well as the permanent storage there takes place in order to comply with our contractual and statutory obligations.

  1.  Duration of storage

The data will be erased as soon as they are no longer required for the achievement of the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished.

If you want to delete your customer account, please contact info@fraenkische.de. We would like to point out that the deletion of the account does not include deletion of personal data subject to the statutory retention periods. These data are stored in our customer management program.

  1.  Means of objection and elimination

The collection of data for the provision of the website and the storage of data in logfiles is imperative for the operation of the website. Also required is the transfer of the data into our customer management program since otherwise no order processing can take place, and the permanent storage in order to comply with the requirements stipulated by statutory retention periods. Consequently, the user has no possibility to object.

VIII. Registration

  1. Description and scope of data processing

We offer users the possibility to register on our website under indication of personal data. The data are entered in an input mask, transmitted to us and stored. A transfer of data to third parties outside of the FRÄNKSICHE group of companies does not take place. The following data will be collected as part of the registration process:

At the time of registration, the following data will be stored in addition:

  • Salutation (mandatory field)
  • Title
  • First name (mandatory field)
  • Last name (mandatory field)
  • Company (mandatory field)
  • Position and department
  • Street and house number (mandatory field)
  • Post code (mandatory field)
  • City/town (mandatory field)
  • E-mail address (mandatory field)
  • Telephone (mandatory field)
  • Country (mandatory field)
  • Department affiliation
  • Telephone (mandatory field)
  • Department affiliation (mandatory field)
  • Password (mandatory field)
  • Competence and topic (mandatory field)

In addition, the following data are collected upon registration:

  • The IP address of the user
  • Date and time of registration

Consent of the user to process these data is obtained as part of the registration process.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6 Para. 1 lit. f GDPR.

The legal basis for data processing under the presence of consent by the user is Art. 6 Para. 1 lit a GDPR.

If the purpose of the registration is the performance of a contract to which the user is a contracting party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data shall be Art. 6 Para. 1 lit. b GDPR.

  1. Purpose of data processing

The collection of other personal data in the context of the registration process such as IP address, date and time by the system is necessary to allow provision of the website to the user’s computer. This requires the IP address of the user to be stored for the duration of the session. The storage of these data in logfiles is used to prevent abuse of the services. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. These purposes also represent our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

Registration of the user is required for certain contents and services on our website. These contents and services are information and/or documents that are not freely available on our websites, but are only available to a closed user group.

In addition, we use these data for public relations, marketing campaigns, the initiation of contractual relationships and the processing of requests.

  1. Duration of storage

Data will be erased as soon as they are no longer required for the achievement of the purpose of their collection and no statutory regulation requires their retention.

This is the case for the data collected during the registration process if the registration on our website is made void or amended.

The data collected during the registration process for the performance of a contract concluded or to conduct pre-contractual measures will be deleted when the data are no longer required for the execution of the contract. A requirement to store personal data of the contractual partner may exist even after the conclusion of the contract in order to comply with contractual or legal obligations. For example, contracts for the performance of a continuing obligation require the storage of personal data during the term of the contract. In addition, warranty periods and the storage of data for tax purposes must be respected.

  1. Means of objection and elimination

As a user you have the possibility to cancel the registration at any time. You can have the data stored about you modified at any time. Please send us your request for erasure via e-mail to info@fraenkische.de.


IX. Contact form and e-mail contact

  1. Description and scope of data processing

Our website offers contact forms which can be used for establishing contact electronically. If a user takes this opportunity, the data entered in the input mask will be transmitted to us and stored. These data are:

  • Name (mandatory field)
  • E-mail address (mandatory field)
  • Telephone number
  • Your message (mandatory field)

At the time of sending the message, the following data will be stored in addition:

  • The IP address of the user
  • Date and time of registration

Within the framework of the registration process, your consent for the processing of data is obtained and this data privacy statement is referred to.

Alternatively, you can contact us via the provided e-mail address. In this case, the personal data of the user transmitted in the e-mail will be stored.

In this context, there will be no transmission of data to third parties outside of the FRÄKISCHE group of companies. The data will be used exclusively for processing the correspondence.

  1. Legal basis for data processing

The legal basis for data processing under the presence of consent by the user is Art. 6 Para. 1 lit a GDPR.

The legal basis for processing of data transmitted in the course sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

  1. Purpose of data processing

Processing of personal data from the input mask solely serves for processing your correspondence. In the event of contacting via e-mail, this also represents the required legitimate interest in processing the data.

The other personal data processed during the transmission process are intended to prevent the abuse of the contact form and ensure the security of our information technology systems.

  1. Duration of storage

The data will be erased as soon as they are no longer required for the achievement of the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective correspondence with the user is completed. Correspondence is considered completed when it becomes clear from the circumstances that the respective case has been dealt with conclusively.

The personal data additionally collected during the transmission process will be deleted after a period of seven days at the latest.

  1. Means of objection and elimination

Users have the option to revoke their consent to the processing of personal data at any time. If users contact us by e-mail, they can object to the storage of their personal data at any time. The correspondence cannot be continued in such cases. Please send us your request for erasure via e-mail to info@fraenkische.de. All personal data that have been stored in the course of the contact will be erased in this case.

X. Use of other social media plug-ins

  1. LinkedIn
    a) Scope of processing personal data

Our websites feature components of the social network “LinkedIn”. These functions are offered by LinkedIn Ireland Limited, 77 Sir John Rogerson’s Quay, Dublin 2, Ireland. When you use the “InShare” button, the websites visited by you are associated with your LinkedIn account and shared with other users. Data are then also transferred to LinkedIn.

When you access one of our websites that includes a LinkedIn component, your browser will establish a direct connection with LinkedIn’s servers. LinkedIn will send the component’s content directly to your browser and from there integrate it into the website.

As a result of the integrated component, LinkedIn will be notified that you have accessed the respective website of our company. If you are logged in to LinkedIn, LinkedIn can associate the visit with your LinkedIn account.

If you object to transmission of this information to LinkedIn, you can prevent this transmission by logging off your LinkedIn account before accessing our websites.

Please obtain information for further processing and use of data by LinkedIn as well as your rights in this respect and settings options for protecting your privacy from LinkedIn’s data privacy statement available at www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.

b) Legal basis for processing personal data

The legal basis for processing personal data is Art. 6 Para. 1 lit. f GDPR. For more information, please see the data privacy statement of LinkedIn available at

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.

c) Purpose of data processing

With regard to the purpose of processing your data and their use by LinkedIn, we refer to the data privacy statement of LinkedIn available at https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.

d) Duration of storage, means of objection and elimination

With regard to the duration of storage and means of objection and elimination with LinkedIn, we refer to the data privacy statement of LinkedIn available at https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other.

  1. Xing
    a) Scope of processing personal data

Our websites feature components of the “Xing” service, operated by XING AG, Gänsemarkt 43, 20354 Hamburg / Germany.

When you access one of our websites that includes a Xing component, your browser will establish a direct connection with Xing’s servers. Xing will send the component’s content directly to your browser and from there integrate it into the website.

As a result of the integrated component, Xing will be notified that you have accessed the respective website of our company. If you are logged in to Xing, Xing can associate the visit with your Xing account.

If you object to transmission of this information to Xing, you can prevent this transmission by logging off your Xing account before accessing our websites.

Please obtain information for further processing and use of data by Xing as well as your rights in this respect and settings options for protecting your privacy from Xing’s data privacy statement available at https://privacy.xing.com/de/datenschutzerklaerung.

b) Legal basis for processing personal data

The legal basis for processing personal data is Art. 6 Para. 1 lit. f GDPR.

For more information, please see the data privacy statement of Xing available at https://privacy.xing.com/de/datenschutzerklaerung.

c) Purpose of data processing

With regard to the purpose of processing your data and their use by Xing, we refer to the data privacy statement of Xing available at https://privacy.xing.com/de/datenschutzerklaerung.

d) Duration of storage, means of objection and elimination

With regard to the duration of storage and means of objection and elimination with Xing, we refer to the data privacy statement of Xing available at https://privacy.xing.com/de/datenschutzerklaerung.

  1. YouTube
    a) Scope of processing personal data

Our websites feature components of the “YouTube” service, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

When you access one of our websites that includes a YouTube component, your browser will establish a direct connection with YouTube’s servers. YouTube will send the component’s content directly to your browser and from there integrate it into the website.

As a result of the integrated component, YouTube and Google will be notified that you have accessed the respective website of our company. If you are logged in to YouTube, YouTube and Google can associate the visit with your YouTube account.

If you object to transmission of this information to YouTube and Google, you can prevent this transmission by logging off your YouTube account before accessing our websites.

Please obtain information for further processing and use of data by YouTube/Google as well as your rights in this respect and settings options for protecting your privacy from Google’s data privacy statement available at www.google.de/intl/de/policies/privacy/.

b) Legal basis for processing personal data

The legal basis for processing personal data is Art. 6 Para. 1 lit. f GDPR.

For more information, please see the data privacy statement of YouTube/Google available at www.google.de/intl/de/policies/privacy/.

c) Purpose of data processing

With regard to the purpose of processing your data and their use by YouTube, we refer to the data privacy statement of YouTube/Google available at www.google.de/intl/de/policies/privacy/.

d) Duration of storage, means of objection and elimination

With regard to the duration of storage and means of objection and elimination with YouTube, we refer to the data privacy statement of YouTube/Google available at www.google.de/intl/de/policies/privacy/.


XI. Web analysis by etracker

  1. Scope of processing personal data

For our website, we use the software tool Web-Controlling Suite by etracker (www.etracker.com), a German provider of web analysis software, for the analysis of the surfing behaviour of our users. The software sets a cookie on the computer of the user (see above for more information on cookies). When individual pages of our website are accessed, the following data will be stored:

  • Three bytes of the IP address of the accessing system of the user (xxx.xxx.xxx.???)
  • The accessed website
  • The website from which the user was referred to the accessed website (referrer)
  • The sub-pages called from the accessed website
  • The time spent on the website
  • The frequency of accessing the website

The analysis software runs exclusively on the servers of etracker. Storage of personal data of users will not take place because the IP address is being anonymised. The software is set in such a way that the IP addresses will not be stored completely, but 1 byte of the IP address will be masked (e.g.:  xxx.xxx.xxx.???). This renders an association of the shortened IP address with the accessing computer impossible.

Data will not be transferred to third parties. If required, we will export reports from the anonymised data stored by etracker for statistical purposes.

  1. Legal basis for processing personal data

The legal basis for processing the personal data of users is Art. 6 Para. 1 lit. f GDPR until the user’s IP address is being anonymised. This is done at the earliest possible point in time (cf. www.etracker.com/datenschutz/).

  1. Purpose of data processing

Processing of the personal data of the users, which takes place with anonymised data at the earliest possible stage, allows us to analyse the surfing behaviour of our users. The analysis of the data obtained allows us to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user friendliness.

  1. Duration of storage

Since the data are anonymised, they will not be deleted but will be available for analysis purposes permanently. A conclusion to an individual user is not possible. etracker has committed to never merge collected data with any other data, for example, to identify a person (cf. www.etracker.com/datenschutz/).

  1. Means of objection and elimination

The etracker cookies are stored on the user’s computer and transmitted to our website from there. Therefore, you as a user have full control over the use of cookies. By modifying the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be automated. If you disable cookies for our website, you may no longer be able to use all of the features of the website to their full extent.

We offer our website users the possibility of an opt-out from the analysis procedures. To do this, you must follow the appropriate link. This sets another cookie in your system, signalling our system not to store the data of the user. If, in the meantime, users delete the appropriate cookie from their own system, they must set this opt-out cookie again.

etracker Opt-Out-Link

Please refer to the following link for more information about the privacy settings of the etracker software: www.etracker.com/datenschutz.

XII. Google Adwords

  1. Description and scope of data processing

We use Google Adwords conversion tracking for our marketing campaigns. This is an analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you click on a Google ad, a cookie for conversion tracking will be stored on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you access our websites and the cookie has not yet expired, we will be able to recognise that you have clicked on the ad and were thus redirected to our website. Google as the service provider receives this information as well.

  1. Legal basis for data processing

The legal basis for processing personal data of users is Art. 6 Para. 1 lit. f GDPR.

  1. Purpose of data processing

The information that we obtain using the conversion cookie serves the purpose of creating conversion statistics. This shows us the total number of users who have clicked on one of our ads placed with Google and who were redirected to a website with a conversion tracking tag. However, we do not obtain any information that can identify users personally.

These purposes also represent our legitimate interest in processing data according to Art. 6 Para. 1 lit. f GDPR.

  1. Duration of storage

Although the cookies lose their validity after 30 days, they will not be deleted unless you delete them yourself.

For more information and the data privacy statement of Google, please see www.google.de/policies/privacy/.

  1. Means of objection and elimination

If you do not want to participate in tracking, you can refuse the required setting of a cookie – for instance, as described above, via browser settings which generally disables the automatic setting of cookies or by setting your browser such that cookies from the domain “googleleadservices.com” are blocked.

You can also disable the settings for advertising on Google for personalised advertising. You can find instructions at support.google.com/ads/answer/2662922?hl=de.


XIII. Google Maps

  1. Description and scope of data processing

Our website uses Google Maps for the representation of geographic information, e.g., for the display of the interactive map for directions. This is implemented using an Iframe. When using Google Maps, Google also collects and processes data about the use of the Maps functions by users of the websites.

When using Google Maps, information about the use of this website including your IP address and – when using the route planner function – the (start) address you have entered is transmitted to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you access a website that contains interactive maps by Google Maps, a direct connection with the servers of Google and your browser is established. Google will send the map’s content directly to your browser and from there integrate it into the website. Therefore, we have no influence on the amount of data collected by Google in this way. According to our knowledge, this is at least the following data:

  • IP address of the user
  • Date and time
  • Internet address of our website
  • In case of route planning: the entered (start) address.

Please refer to Google’s privacy policy for more information about data processing by Google. In Google’s privacy centre, you can manage your personal settings as a registered user of Google. Link to Google’s privacy centre.

  1. Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6 Para. 1 lit. f GDPR.

  1. Purpose of data processing

By using Google’s map services on our websites, the user has the possibility to find us easier when visiting us.

Please obtain the purpose and scope of data collection and the further processing and use of data by Google as well as your rights and setting options related to this to protect your privacy from Google’s data privacy information (see above).

These purposes also represent our legitimate interest in processing data according to Art. 6 Para. 1 lit. f GDPR.

  1. Duration of storage

The data will be erased as soon as they are no longer required for the achievement of the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished.

In the case of storing the data in logfiles, this is the case after 14 days. Storage beyond that time is possible. In this case, the IP addresses of the users are anonymised or pseudonymised so that an association with the accessing user is no longer possible.

  1. Means of objection and elimination

If you do not want Google to collect, process or use data about you from our website, you can disable JavaScript in your browser settings. In this case, however, you cannot use the map display. When you disable JavaScript, other functions of the website such as the navigation menu will no longer work either. We therefore recommend that you do not disable JavaScript if you want to take full advantage of the content and functionality of our website.

As described in Section V., a cookie is also set when using Google maps. Consequently, the information there applies accordingly.

If you want to install the opt-out option for Google web tracking in your browser, you can do so at https://tools.google.com/dlpage/gaoptout?hl=de.

We offer our website users the possibility of an opt-out from the analysis procedures. To do this, you must follow the appropriate link. This sets another cookie in your system, signalling our system not to store the data of the user. If, in the meantime, users delete the appropriate cookie from their own system, they must set the opt-out cookie again.

Please refer to the following link for more information about the privacy settings of the Google Analytics software: https://policies.google.com/privacy?hl=de.

 

XIV. Rights of the data subject

If your personal data will be processed, you are considered a data subject within the meaning of the GDPR and have the following rights against the controller:

  1. Right of access

You can request a confirmation by the controller whether we process personal data concerning you.

If there is such processing, you can request the following information from the controller:

(1)      the purposes for which the personal data are processed;

(2)      the categories of personal data which are processed;

(3)     the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;

(4)     the planned duration of the storage of personal data concerning you or, if specific details on this are not possible, criteria for determining the duration of storage;

(5)     the existence of a right to rectification or erasure of personal data concerning you, the right to restriction of processing by the controller or a right to object to this processing;

(6)      the existence of a right of appeal to a supervisory authority;

(7)     all available information about the origin of the data if the personal data are not collected from the data subject;

(8)     the existence of automated decision-making including profiling according to Art. 22 Para. 1 and Para. 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and desired effects of such processing for the data subject.

You have the right to demand information as to whether or not personal data concerning you are transmitted to a third country or an international organisation. In this context, you may request to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with the transmission.

  1. Right to rectification

You have the right to rectification and/or completion against the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall rectify this immediately.

  1. Right to restriction of processing

On condition of the following, you can demand the restriction of processing of the personal data concerning you:

(1)     if you challenge the accuracy of the personal data concerning you for a period which allows the controller to check the accuracy of the personal data;

(2)     processing is unlawful and you dismiss erasure of the personal data and instead demand the restriction of the use of the personal data;

(3)     the controller no longer needs the personal data for the purpose of processing, but you need them for the enforcement, exercise or defence of legal claims, or

(4)     if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been decided whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data – apart from storage – can only be processed with your consent or for the enforcement, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the European Union or of a member state.

If the restriction of processing has been limited according to the above-mentioned prerequisites, you will be informed by the controller before the restriction is rescinded.

  1. Right to erasure
    a) Obligation for erasure

You can request the controller to erase the personal data concerning you immediately, and the controller will be obliged to erase these data immediately if one of the following reasons applies:

(1)     The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in any other way.

(2)     You revoke your consent on which the processing was based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for processing.

(3)     You object to processing according Art. 21 Para. 1 GDPR and there are no other legitimate reasons for processing, or you object to processing according to Art. 21 Para. 2 GDPR.

(4)      The personal data concerning you have been processed unlawfully.

(5)     The erasure of the personal data concerning you is required for compliance with a legal obligation according to European Union law or the law of the member states to which the controller is subject.

(6)     The personal data concerning you have been collected in relation to the offer of information society services in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties

If the controller has published the personal data concerning you and if they are obliged to erase these data according to Art. 17 Para. 1 GDPR, they shall, taking into account the available technology and implementation costs, take the appropriate measures, also of a technical nature, to inform the persons responsible for data processing that you as the data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

c) Exceptions

The right to erasure does not apply if processing is required

(1)      for exercising the freedom of expression and information;

(2)     for compliance with a legal obligation requiring processing in accordance with the law of the European Union or the member states to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of public authority vested in the controller;

(3)     on grounds of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i, and Art. 9 Para. 3 GDPR;

(4)     for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Para. 1 GDPR, to the extent that the right mentioned in paragraph a) is expected to make the achievement of the objectives of this processing impossible or seriously impair this, or

(5)      for the enforcement, exercise or defence of legal claims.

  1. Right to be informed

If you have enforced the right to rectification, erasure or restriction of processing against the controller, they are obligated to inform all recipients to whom the personal data concerning you have been disclosed about this rectification, erasure or restriction of processing of the data unless this proves impossible or would involve disproportionate effort.

You have the right against the controller to be informed about these recipients.

  1. Right to data portability

You have the right to obtain the personal data concerning you which you have provided to the controller in a structured, common and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided if

(1)     processing is based on a consent according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract according to Art. 6 Para. 1 lit. b GDPR and

(2)      processing takes place using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you are directly transferred to another controller by a controller insofar as this is technically feasible. This must not affect any civil liberties and rights of other persons.

The right to data portability does not apply to the processing of personal data that is required for the performance of a task in the public interest or in the exercise of public authority vested in the controller.

  1. Right to object

You have the right to object to the processing of personal data concerning you collected according to Art. 6 Para. 1 lit. e or f GDPR for reasons arising from your specific situation at any time; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms or for the enforcement, exercise, or defence of legal claims.

If the personal data concerning you will be processed for purposes of direct advertising, you have the right to object to the processing of personal data concerning you for the purposes of such advertising at any time; this also applies to profiling in so far as this is connected with such direct advertising.

If you object to processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

You have the option, in relation to the offer of information society services – regardless of Directive 2002/58/EC – to exercise your right to object by means of automated processes in which technical specifications are used.

  1. Right to revoke your consent to the data privacy statement

You have the right to revoke your consent to the data privacy statement at any time. The revocation of consent does not affect the legality of processing carried out until the revocation on the basis of the consent granted.

  1. Automated individual decision making, including profiling

You have the right not to be subjected to a decision solely based on automated processing – including profiling – which takes legal effect against you or significantly impacts you in a similar way. This does not apply if the decision

(1)     is required for the conclusion or performance of a contract between you and the controller,

(2)     due to statutory provisions of the European Union or the member states to which the controller is subject, is admissible and these statutory provisions contain appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests or

(3)      takes place with your explicit consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 lit. a or g GDPR applies and adequate measures for the protection of the rights and freedoms as well as your legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller takes appropriate measures in order to safeguard the rights and freedoms as well as your legitimate interests, which includes at least the right to obtaining the intervention of a person on the part of the controller, the right to presentation of one’s own position and the right to challenge the decision.

  1. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, especially in the member state of your place of residence, your place of work or the location of the alleged infringement, if you are of the opinion that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which you have appealed informs the claimant about the status and the results of the complaint including the possibility of a judicial remedy according to Art. 78 GDPR.