Name and contact details of the person responsible
Our responsible party (hereinafter “responsible person”) within the meaning of Art. 4 No. 7 GDPR is:
Ulrich Roman Murtfeld
Anemone Way 45
Email address: firstname.lastname@example.org
Types of data, purposes of processing and categories of data subjects
Below we will inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. Types of data we process
Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), payment data (bank details, account details, payment history, etc.), contract data (subject of the contract, term etc.), content data (text entries, videos, photos etc.), communication data (IP address etc.),
2. Purposes of processing according to Art. 13 Para. 1 c) GDPR
Processing of contracts, purposes of evidence/preservation of evidence, optimizing the website technically and economically, enabling easy access to the website, fulfilling contractual obligations, contacting you in the event of legal complaints from third parties, fulfilling legal retention obligations, optimizing and statistical evaluation of our services, supporting commercial use of the website, improving user experience , Designing the website in a user-friendly manner, Economic operation of advertising and website, Marketing / sales / advertising, Creation of statistics, Determining the likelihood of texts being copied, Avoiding SPAM and misuse, Processing an application process, Customer service and customer care, Processing contact requests, Providing websites with functions and content , security measures, uninterrupted, secure operation of our website,
3. Categories of data subjects according to Art. 13 Para. 1 e) GDPR
Visitors/users of the website, customers, suppliers, interested parties, applicants, employees, employees of customers or suppliers,
The affected persons are collectively referred to as “users”.
Legal basis for processing personal data
Below we inform you about the legal basis for processing personal data:
If we have obtained your consent for the processing of personal data, Art. 6 Paragraph 1 Sentence 1 Letter a) GDPR is the legal basis.
If the processing is necessary to fulfill a contract or to carry out pre-contractual measures at your request, Art. 6 Para. 1 Sentence 1 Letter b) GDPR is the legal basis.
If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. legal retention obligations), Art. 6 Para. 1 Sentence 1 Letter c) GDPR is the legal basis.
If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Paragraph 1 Sentence 1 Letter d) GDPR is the legal basis.
If the processing is necessary to protect our or a third party’s legitimate interests and your interests or fundamental rights and freedoms do not outweigh this, Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR is the legal basis.
Transfer of personal data to third parties and processors
As a general rule, we do not pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal bases, e.g. when transferring data to online payment providers to fulfill the contract or due to a court order or due to a legal obligation to release the data for the purpose of criminal prosecution or to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processor as part of an order processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations in accordance with the new version of the BDSG and the GDPR
Data transfer to third countries
The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by companies that apply to the GDPR. If the processing takes place by third-party services outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that the processing is carried out on the basis of special guarantees, such as the determination of a data protection level that corresponds to the EU officially recognized by the EU Commission or the observance of officially recognized special contractual obligations, the so-called “standard contractual clauses”.
If we obtain your express consent to data transfer in the USA due to the ineffectiveness of the so-called “Privacy Shield” in accordance with Article 49 Paragraph 1 Sentence 1 Letter a) GDPR, this indicates the risk of secret access US authorities and the use of the data for surveillance purposes, possibly without legal recourse for EU citizens.
Deletion of data and storage period
Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the consent given to the processing is revoked by you or the purpose for storage no longer applies or the data is no longer required for the purpose, unless their Further storage is necessary for evidentiary purposes or this is contrary to statutory retention requirements. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 Paragraph 1 of the German Civil Code (BGB). 1 HGB (6 years) as well as tax retention obligations according to Section 147 Paragraph 1 AO of receipts (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary to conclude a contract or to fulfill the contract.
Existence of automated decision making
We do not use automatic decision-making or profiling.
Provision of our website and creation of log files
If you only use our website for information purposes (i.e. no registration or any other transmission of information), we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data:
• IP address;
• User’s Internet service provider;
• Date and time of retrieval;
• Browser type;
• Language and browser version;
• Content of the retrieval;
• time zone;
• Access status/HTTP status code;
• Amount of data;
• Websites from which the request comes;
• Operating system.
This data will not be stored together with your other personal data.
This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner with functions and content as well as its optimization and statistical evaluation.
The legal basis for this is our legitimate interest in data processing for the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.
For security reasons, we store this data in server log files for a storage period of days. After this period has expired, they will be automatically deleted unless we need them to be retained for evidence purposes in the event of attacks on the server infrastructure or other legal violations.
The following types of cookies are responsible:
• Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website in order to save certain functions of the website such as logins, shopping cart or user input, e.g. regarding the language of the website.
Session cookies: Session cookies are required to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, you provide this cookie information to automatically recognize you. The information obtained in this way serves to help us
We have integrated the Borlabs Cookie Consent Plugin for WordPress (service provider: Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg) as a consent management service on our website.
Purposes of data processing: compliance with legal obligations, consent storage.
Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR as well as the fulfillment of legal obligations in accordance with Article 6 Paragraph 1 Sentence. 1 lit. c) GDPR.
Storage period: Storage of the data until you delete the Borlabs cookie in your browser or the purpose for data storage no longer applies. Proof of revocation of previously granted consent will be retained for a period of three years. The retention is based on our accountability in accordance with Art. 5 Para. 2 GDPR and the standard statute of limitations.
Data transmission/recipient category: the data will not be passed on to Borlabs.
Use of the blog functions / comments
You can post public comments on our blog, which contains posts about topics on our website. You can use a pseudonym instead of a real name. Your contribution will then be published under the pseudonym. Providing your email address is mandatory, all other information is voluntary.
When you post a comment, we save your IP address with the date and time, which we delete after a few days. The storage serves the legitimate interest of defending against third-party claims if you publish illegal or untrue content. We save your email address for the purpose of contacting you if third parties have legal objections to your comments.
The legal basis is Article 6 Paragraph 1 Sentence 1 Letters b) and f) GDPR.
We do not review your comments before publishing them. In the event of complaints from third parties, we reserve the right to delete your comments. We do not pass on the data to third parties unless it is necessary to pursue our claims or there is a legal obligation (Art. 6 Para. 1 S. 1. lit. c) GDPR).
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or to carry out the contract because the contract has been terminated.
Contact us via contact form / email / fax / post
When you contact us via contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.
The legal basis for processing the data, if you have given your consent, is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or email, letter or fax is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. The person responsible has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to be able to fulfill his legal retention obligations for business letters. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.
We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a comparable system.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with you has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us for a period of two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of the commercial law (6 years) and tax law (10 years) retention obligation.
You have the option at any time to revoke your consent to the processing of personal data in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.
We have integrated advertisements from the Google service “Adsense” (service provider: Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The advertisements are marked with the (i) note “Google ads” in each advertisement.
Data categories and description of data processing: usage data/communication data; When you visit our website, Google receives the information that you have accessed our website. To do this, Google places a web beacon or cookie on your computer. The data is also transferred to the USA and analyzed there. If you are logged in with a Google account, Adsense can assign the data to your account. If you do not wish this, you must log out before visiting our website. But other information can also be used by Google for this:
• the types of websites you visit and the mobile apps installed on your device;
• Cookies in your browser and settings in your Google account;
• Websites and apps you have visited;
• Your activities on other devices;
• previous interactions with Google ads or advertising services;
• Your Google Account activity and information.
When you click on an Adsense ad, the user’s IP is processed by Google (usage data), whereby the processing is carried out pseudonymously (so-called “advertising ID”) by shortening the IP by the last two digits.
When providing personalized advertising, Google does not link identifiers from cookies or similar technologies with special categories of personal data in accordance with Art. 9 GDPR such as ethnic origin, religion, sexual orientation or health.