This data protection declaration explains to you the type, extent and purpose of processing of personal data (subsequently called "data") within my online presence and all related websites, functions and contents as well as external online presences, e.g. social media profile (subsequently called "online presence"). Concerning the used concepts, e.g. "processing" or "responsible", I refer to the definitions according to Art. 4 of the General Data Protection Regulation (GDPR).

Types of processed data:

- Inventory data (e.g., names, addresses)
- Contact data (e.g., e-mail, phone numbers)
- Content data (e.g., text entries, photos, videos)
- User figures (e.g., visited websites, interests on contents, access times)
- Meta-/communikation data (e.g, device informations, IP addresses)

Categories of affected persons

Visitors and users of the online presence (in the following I call the affected persons also "users").

Purpose of processing

- Provision of the online presence, its functions and contents
- Answering of contact requests and communication with users
- Security measures
- Range measurements/marketing

Used concepts

"Personal data" are all informations concerning an identified or identifiable natural person (subsequently called "affected person"); a natural person is seen as identifiable when she can be identified directly or indirectly, especially by means of a known value like a name, identification number, location data or online identifier (e.g. cookie) or to one or more special attributes, which are an expression of a physical, physiological, genetical, psychological, commercial, cultural or social identity of this natural person.

"Processing" is every action performed with or without help of automated processes or every such sequence of processes in the context of personal data. The definition is far-reaching and encompasses almost every handling with data.

Referred to as "responsible" is the natural or legal person, authority, facility or other body which decides over purpose and means of personal data processing, alone or in conjunction with others.

Relevant legal basis

According to Art. 13 GDPR I inform you about the legal basis of my data processing. In case the legal basis in the data protection is not mentioned, the following is applicable: The legal basis for obtaining of consent is Art. 6 Abs. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for fulfillment of my services and performance of contractual measures as well as answering of requests is Art. 6 Abs. 1 lit. b GDPR, the legal basis for the procession to fulfill my legal commitments is Art. 6 Abs. 1 lit. c GDPR, and the legal basis for processing to ensure my legitimate interests is Art. 6 Abs. 1 lit. f GDPR. In case of vital interests of the affected person or another natural person necessitate the processing of personal data, Art. 6 Abs. 1 lit. d GDPR is regarded as the legal basis.

Collaboration with contractual data processing and 3rd parties

In case I disclose any data against other persons and companies (contractual processing or 3rd parties), forward them or grant them otherwise access to this data, this is carried out only on the background of a legal permission (e.g. if a transmission of data to 3rd parties, like for a money transfer is necessary according to Art. 6 Abs. 1 lit. b GDPR for the fulfillment of a contract), you have consented, a legal commitment provides for it or on the basis of my legitimate interests (e.g. service of an agent, web host etc.).

In case I assign 3rd parties with the processing of data on the basis of a so-called "contractual data processing contract", this happens on the basis of Art. 28 GDPR.

Forwarding into third party countries

In case I process data in a third party country (that means outside the European Union (EU) or the European Economic Area (EWR)) or this happens in the framework of claiming the services of third parties or disclosure, or forwarding of data to third parties, this only happens if it is necessary for fulfillment of my (pre-)contractual obligations, based on your consent, because of a legal liability or based on my legitimate interests. Subject to legal requirements or contractual permissions, I process or let process the data in a third party country only when the special requirements according to Art. 44 ff. GDPR are given. This means, the processing is carried out e.g. based on the presence of special guarantees, like the officially accepted declaration of a data protection level similar to that in the EU (e.g. „Privacy Shield“ for the USA) or the acceptance of officially recognized special contractual commitments (so-called „standard contract terms“).

Rights of the affected persons

You have the right to demand a confirmation if affected data are processed and of disclosure of this data as well as further information and copies of the data according to Art. 15 GDPR.

Accroding to Art. 16 GDPR you have the right to claim the completion of or the correction of incorrect data concerning your person.

According to proportions of Art. 17 GDPR you have the right to demand that concerned data are immediately deleted, respectively to alternatively according to proportions of Art. 18 GDPR demand a restriction on further processing of the data.

You have the right to demand that you obtain the data concerning your person which you have provided to me, according to proportions of Art. 20 GDPR and to demand their transmission to other responsible persons.

You furthermore have the right according to Art. 77 GDPR to make a complaint at the responsible regulating authority.

Right of withdrawal

You have the right to withdraw any issued consent according to Art. 7 Abs. 3 GDPR to take effect in the future.

Right of objection

You can object a further processing of the data concerning our person according to Art. 21 GDPR at any time. The objection can especially be issued against the processing for purpose of direct marketing.

Cookies and right of objection for direct advertisement

„Cookies“ are small data files which are stored on the devices of the users. Inside the cookies different informations can be stored. A cookie mainly serves to store the informations from a user (respectively the device on which the cookie is stored) while or also after a visit inside an online presence. Cookies are called temporary cookies, respectively „session cookies“ or „transient cookies“ if they are deleted after a user leaves the online presence and closes the browser. In such a cookie e.g. the content of a shopping basket in an online store or the login status can be stored. A cookie is called „permanent“ or „persistent“ when they are stored in the memory after the browser is closed. In this way e.g. the login status can be saved if the users visit the online presence after a few days. In a cookie like that also interests of the user can be stored, which are used for range measurements or marketing purposes. Cookies are called „third party cookie“ when they are offered from other providers than the responsible for the online presence (in the other case, when these are only the cookies from the responsible they are called „first party cookies“).

I can use temporary and permanent cookies and disclose about the use in the context of my declaration about data protection.

If the users do not want cookies to be stored on their devices, they are asked to deactivate the respective options in the system configuration of their browsers. Stored cookies can be deleted in the system configuration of the browser. The exception of cookies can lead to reduced functions of this online presence.

A general objection against cookies used for online marketing can be declared at a variety of services, especially in case of tracking, via the US american based page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore the storage of cookies can be prevented by deactivating this function in the settings of the browser. Please note that in this case not all functions of this online presence may be usable.

Deletion of data

The data processed by me are deleted or restricted in their processing according to the measures of Art. 17 and 18 GDPR. If not stated explicitly within this declaration about data protection, the data saved by me are deleted as soon as they are no longer necessary for their purpose and there are no legal obligations to retain data standing against the deletion. If the data are not deleted because they are needed for other and legally allowed purposes, their processing will be restricted. That means the data will be gesperrt and will not be processed for other purposes. This is the case for e.g. data that are required to be stored in terms of commercial and fiscal law purposes.

According to legal requirements in Germany the storage time is notably 6 years according to § 257 Abs. 1 HGB (account books, Inventories, opening balances, annual balance sheets, business letters, accounting records etc.) as well as 10 years according to § 147 Abs. 1 AO (books, records, progress reports, accounting records, business letters, documents relevant for fiscal purposes etc.).

According to legal requirements in Austria the storage time is notably 7 years according to § 132 Abs. 1 BAO (accounting records, receipts/invoices, accounts, receipts, business documents, listing of receipts and expenditures etc.), for 22 years in conjunction with estates and for 10 years for documents in conjunction with electronically delivered services, telecommunication, broadcast and television services, which are delivered to non-entrepreneurs in EU member states and for which the mini one-stop-shop (MOSS) is made use of.

Hosting

The hosting services used by me serves for the provision of the following services: Infrastructure and platform services, calculating power, storage space and database services, security services and technical maintenance services, which I use for the purpose of this online presence.

Here I, respectively my hosting provider, process inventory data, contact data, content data, contract data, user figures, meta and communication data of interested parties and visitors of this online presence based on our legitimate interests on an efficient and secure provision of this online presence according to Art. 6 Abs. 1 lit. f GDPR i.V.m. Art. 28 GDPR (conclusion of contract for commissioned data processing).

Collection of access data and logfiles

I, respectively my hosting provider, collect data about every access to the server on which this service is located (so-called server logfiles), based on our legitimate interests according to Art. 6 Abs. 1 lit. f. GDPR data. Access data are next to the name of the called-ub website, data file, date and time of the call, transferred amount of data, message about successful call, browser type and version, operating system of the user, referrer URL (the previously visited site), IP address and the requesting provider.

For safety reasons (e.g. to clear up abuse or defraudation), logfiles are stored for a maximum duration of 7 days and then they are deleted. Data which are needed to be stored for proof of evidence, are exempted from deletion until the final clearance of the respective incident.

Contact request

If you contact me (e.g. via e-mail, phone or social media) the informations for handling the contact request are processed according to Art. 6 Abs. 1 lit. b) GDPR. The informations of the users can be stored in a Customer Relationship Management system ("CRM system") or similar.

I delete the requests as soon as they are no longer needed. I check the necessity every two years; furthermore the compulsory archiving is applicable.

Integration of services and contents of third parties

Inside my online presence and based on my legitimate interests (d.h. Interesse an der Analyse, Optimierung und wirtschaftlichem Betrieb unseres Onlineangebotes im Sinne des Art. 6 Abs. 1 lit. f. GDPR) I use the content and service offers of third parties, to embed their content and services, e.g. videos or fonts (consecutively and uniformly called "contents").

This implies that the third party provider of these contents notice the IP address of the users, because without the IP address they cannot send these contents to their browsers. The IP address therefore is necessary for the display of these contents. I make efforts to only use such contents where their providers only uses the IP address for the delivery of their contents. Third party providers furthermore can use so-called pixel-tags (invisible graphics, also called "web beacons") for statistical and marketing purposes. Through the "pixel tags" informations like visitor traffic on the pages of this website can be evaluated. The pseudonymous informations can furthermore be stored on cookies on the device of the users and can contain among others technical information related to browser and operating system, redirecting websites, visiting time and other information for the use of my online presence, as well as being connected with such informations from other sources.

Vimeo

I embed videos from the platform "Vimeo" of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Data protection declaration: https://vimeo.com/privacy.

Youtube

I embed videos from the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Amended by the website owner
Generated with Datenschutz-Generator.de by RA Dr. Thomas Schwenke