This privacy policy informs you about the type, scope, and purpose of processing personal data (hereinafter referred to as "data") in the provision of our services as well as within our online offer and the websites, functions, and content associated with it, and external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offer"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Veit Erdmann
Kammweg 48
72762 Reutlingen
Types of data processed
- Master data (e.g., personal data, names or addresses).
- Contact data (e.g., email, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (hereinafter referred to collectively as "users").
Purpose of processing
- Provision of the online offer, its functions and content.
- Answering contact inquiries and communication with users.
- Security measures.
- Reach measurement/marketing
Terms used
"Personal data" are all information related to an identified or identifiable natural person (hereinafter referred to as the "affected person"); a natural person is considered identifiable if they can be directly or indirectly identified, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
"Processing" is any operation or set of operations performed with or without the use of automated processes in connection with personal data. The term is broad and virtually covers any handling of data.
"Pseudonymization" is the processing of personal data in such a way that the personal data can no longer be assigned to a specific affected person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
"Controller" means the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
"Processor" a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases of our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e. the EU and EEA, the following applies if the legal basis is not mentioned in the privacy policy:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR;
The legal basis for processing to fulfill our services and to carry out contractual measures as well as to answer inquiries is Article 6(1)(b) of the GDPR;
The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR;
In the event that vital interests of the affected person or another natural person require processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
The legal basis for the necessary processing to fulfill a task that is in the public interest or is carried out in the exercise of official authority that has been delegated to the controller is Article 6(1)(e) of the GDPR.
The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR.
Processing of data for other purposes than those for which they were collected is determined by the provisions of Article 6(4) of the GDPR.
Processing of special categories of data (in accordance with Article 9(1) of the GDPR) is determined by the provisions of Article 9(2) of the GDPR.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure an appropriate level of protection against the risks.
The measures include, in particular, the protection of the confidentiality, integrity, and availability of data through control of physical access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of the rights of data subjects, deletion of data, and response to data breaches. Additionally, we consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through privacy-friendly default settings.
Cooperation with Contract Processors, Joint Controllers, and Third Parties
If we disclose, transmit, or otherwise grant access to data to other persons or companies (contract processors, joint controllers, or third parties) in the course of our processing, this will only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for performance of the contract), the user has consented, a legal obligation requires this, or on the basis of our legitimate interests (e.g. when using contractors, web hosts, etc.).
If we disclose, transmit, or otherwise grant access to data to other companies in our corporate group, this will only take place for administrative purposes and on the basis of a legitimate interest and furthermore on a basis that complies with legal requirements.
Transfers to Third Countries
In case we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation), or if this happens through the use of services of third parties or disclosure, or transmission of data to other persons or companies, this is only done if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country if the legal requirements are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level equivalent to that of the EU (e.g., for the US through the "Privacy Shield") or compliance with officially recognized special contractual obligations.
Rights of data subjects
You have the right to request confirmation as to whether data concerning you are being processed, and to request information about such data as well as additional information and a copy of the data in accordance with legal requirements.
You have the right, in accordance with legal requirements, to request the completion of data concerning you or the correction of inaccurate data concerning you.
You have the right, in accordance with legal requirements, to request that data concerning you be deleted immediately or, alternatively, that processing of the data be restricted in accordance with legal requirements.
You have the right to receive data concerning you that you have provided to us, in accordance with legal requirements, and to request the transmission of such data to another responsible party.
You also have the right, in accordance with legal requirements, to file a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke any consent you have given with future effect.
Right of objection
You can object to the future processing of your data at any time in accordance with legal requirements. The objection can be made in particular against processing for the purpose of direct advertising.
Cookies and Right to Object in Direct Advertising
Small files stored on users' computers are referred to as "cookies". Different information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online service. Cookies are referred to as temporary cookies, or "session cookies" or "transient cookies," which are deleted after a user leaves an online service and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" if they are stored even after the browser is closed. For example, the login status can be saved if users visit after several days. The interests of the users can also be stored in such a cookie and used for reach measurement or marketing purposes. Cookies offered by other providers than the responsible party operating the online service are referred to as "third-party cookies" (otherwise, if they are only its cookies, they are referred to as "first-party cookies").
We can use temporary and permanent cookies and explain this in our privacy policy. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies may result in functional restrictions of this online service.
A general objection to the use of cookies used for online marketing purposes can be made with a large number of services, especially in the case of tracking, through the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Additionally, the storage of cookies can be achieved by turning them off in the browser settings. Please note that not all functions of this online service can be used in this case.
Data Deletion
The data processed by us will be deleted or their processing restricted in accordance with the legal requirements. Unless explicitly stated in this privacy policy, the data stored with us will be deleted as soon as they are no longer necessary for their intended purpose and deletion is not prevented by any legal storage obligations.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be locked and not processed for any other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing activities carried out by us make this necessary. We will inform you as soon as the changes require your participation (e.g. consent) or otherwise individual notification.
Comments and Contributions
If users leave comments or other contributions, their IP addresses can be stored for 7 days based on our legitimate interests under Art. 6 Para. 1 lit. f. GDPR. This is for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held responsible for the comment or contribution and are therefore interested in the identity of the author.
Furthermore, on the basis of our legitimate interests under Art. 6 Para. 1 lit. f. GDPR, we reserve the right to process the user's information for the purpose of spam detection.
On the same legal basis, in case of surveys, we reserve the right to store the users' IP addresses for the duration of the surveys and to use cookies to prevent multiple voting.
The information about the person communicated in the context of comments and contributions, any contact and website information, as well as the content information, will be permanently stored by us until the users object.
Contact
When contacting us (e.g. via contact form, email, telephone or via social media), the user's information is processed for the processing of the contact request and its implementation in accordance with Art. 6 Abs. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 Abs. 1 lit. f. (other requests) GDPR. The user's information can be stored in a Customer Relationship Management System ("CRM System") or similar request organization.
We delete the requests if they are no longer necessary. We check the necessity every two years; Furthermore, the legal archiving obligations apply.
Hosting and E-Mail Dispatch
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offering.
In this context, we or our hosting provider process, inventory data, contact data, content data, contract data, usage data, meta- and communication data from customers, prospects and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 Abs. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for processing).
Collection of Access Data and Logfiles
We or our hosting provider collect data on each access to the server on which this service is located (so-called server logfiles) on the basis of our legitimate interests in accordance with Art. 6 Abs. 1 lit. f. GDPR. Access data include the name of the website, file, date and time of access, amount of data transferred, a message about successful access, type and version of browser, the user's operating system, referrer URL (the previous page visited), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g. for clarifying abuses or fraud) for a maximum of 7 days and then deleted. Data that requires further storage for evidence purposes is exempt from deletion until the final clarification of the respective incident.
Created with Data Protection Generator.de by RA Dr. Thomas Schwenke. The English version has been machine translated by ChatGPT.
