Protection de données
1) Information concerning the gathering of personal data and contact details by the controller
1.1 We are glad that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is used when you visit our website. By personal data we mean all data by which you can be personally identified.
1.3 The controller has appointed a data protection officer for this website. He can be contacted as follows: "Christian Martsch, Lechstraße 28, 90451 Nürnberg, E-Mail: firstname.lastname@example.org"
2) Data gathering when visiting our website
If you simply visit our website in order to inform yourself, i.e. if you do not register or otherwise provide us with any information, we only gather the data which your browser transmits to our server (so-called “server log files“). When you visit our website, we collect the data which is technically necessary for us in order to be able to show you the website:
- our visited website
- date and time the website was accessed
- amount of data sent (in bytes)
- the source/link used to access the web page
- the browser which was used
- the operating system which was used
- the IP address used (under circumstances anonymised)
Processing is carried out in accordance with Art. 6 (1) lit f EU GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Data is neither passed on nor used for any other purposes. We reserve the right, however, to check the server log files if there should be any concrete evidence of unlawful usage.
In order to make the visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on a number of pages. These are small text files that are stored on your device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and enable us or partner companies (third-party cookies) to recognize your browser the next time you visit us (persistent cookies). If cookies have been stored, they gather and process on an individual scale specific user information such as browser and location data as well as the IP address. Persistent cookies are automatically deleted after a specified period which varies from cookie to cookie.
If personal data is gathered and processed by individual cookies which we may implement, the processing takes place in accordance with Art. 6 (1) lit f EU GDPR in order to safeguard our legitimate interest in ensuring the best possible functionality of the website as well as the customer-friendly and effective design of the website.
Under circumstances we may work together with advertising partners who help us to make our web presence more interesting for you. For this purpose, when you visit our website, cookies from partner companies are also stored on your hard drive (third-party cookies). If we cooperate with the aforesaid advertising partners, you will be informed individually and separately about the implementation of such cookies and the amount of information gathered in the paragraphs below.
Please note that you can set your browser in such a way that you are informed when a cookie is to be stored and decide from case to case whether to accept or decline them, in particular cases or generally. Every browser is different in the way it manages the cookie settings. This is described in the Help menu of each browser where you can find out how you can change your cookie settings. You can find them for the respective browser under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
Personal data will be gathered when you contact us (e.g. when you use the contact form or send us an email). Which data is collected when you use the contact form is apparent from the respective contact form. This data is stored and used solely for the purpose of answering your questions or for getting in contact with you and the technical administration related to it. The legal basis for the processing of the data is our legitimate interest in answering your questions in accordance with Art. 6 (1) lit f EU GDPR. If you contact us with the aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) lit b EU GDPR. Your data will be deleted after the final processing of your request. This is the case if it is clear from the circumstances that the issue at hand has been conclusively clarified and that there are no legal obligations to keep the data.
5) Use of single sign-on procedures
On our website you can create a customer account or register using the social plug-in “Facebook Connect” of the Facebook social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). You can use the so-called single sign-on technology to log in if you already have a Facebook account. You can recognise the social plug-ins of “Facebook Connect” on our website by the blue button with the Facebook logo and the sign “Mit Facebook anmelden” or “Connect with Facebook”or “Log in with Facebook” or “Sign in with Facebook”.
If you open a page of our website and it contains such a plug-in, your browser will establish a direct connection to the servers of Facebook. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. By means of this integration, Facebook receives the information from the website page that your browser opened, even if you do not have a Facebook profile or are not currently logged-in to your Facebook account. This information, including your IP address, is transmitted from your browser directly to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 (1) lit f EU GDPR on the basis of the legitimate interest of Facebook in providing you with personalized advertizing based on your surfing behaviour.
By using this “Facebook Connect” button on our website you also have the possibility of logging in or registering on our website via your Facebook user data. Only if you have given your explicit consent in accordance with Art. 6 (1) lit a EU GDPR and depending on your own data protection settings for Facebook, we will receive the general and public information contained in your profile. This information includes the user ID, the name, the profile picture, the age and the gender.
Your given consent can be revoked at any time by sending a message to the person responsible who was named at the beginning of this declaration.
Facebook Inc., with its headquarters in the USA, is certified for the US-European data protection framework “Privacy Shield” which guarantees compliance with the level of data protection in force in the EU.
If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before you visit our website. You can also completely prevent the loading of the Facebook plug-ins by your browser by using an add-on for your browser such as “Adblock Plus” (https://adblockplus.org/de/).
6) Use of your data for direct advertising
6.1 Signing up for our email newsletter
If you subscribe to our email newsletter, we will send you regular information about our offers. The only obligatory information necessary for sending the newsletter is your email address. The disclosure of further information is optional and will only be used in order to address you more personally. For the sending of the newsletter, we use the so-called double opt-in procedure. This means that we will not send you an email newsletter until you have explicitly confirmed that you want to receive them. We will send you a confirmation email, asking you to confirm that you want to receive newsletters from us in the future by clicking on the appropriate link.
By clicking on the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit a EU GDPR. When registering for the newsletter, we will store your IP address, as registered by your Internet service provider (ISP), as well as the date and time of your registration in order to be able to track any possible misuse of your email address at a later date. The data collected by us when you subscribe to the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time by using the link provided in the newsletter or by sending a corresponding message to the responsible person mentioned above. After you have cancelled your subscription, your email address will be immediately deleted from our newsletter mailing list unless you have explicitly agreed to a further use of your data which is legally permitted and which we inform you about in this declaration.
6.2 Newsletters via CleverReach
Our email newsletters are dispatched by the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach“) and when you subscribe we pass on the data you provided us with to them. This passing on of information takes place in accordance with Art. 6 (1) lit f EU GDPR and serves our legitimate interest in using a promotionally effective, secure and user-friendly newsletter system. The data you enter in order to receive the newsletter (e.g. your email address) is stored on the servers of CleverReach in Germany or Ireland.
CleverReach uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the purpose of evaluation, the emails contain so-called web beacons or tracking pixels which are one pixel image files which are stored on our website. These can be used to determine whether a newsletter message has been opened and which links have been clicked. With the help of so-called conversion tracking, it is also possible to analyse whether a pre-defined action has taken place after a link in the newsletter has been clicked. In addition, technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). The data is gathered pseudonymised and are not linked to your other personal data. A direct link to a specific individual is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters better to the interests of the recipients.
If you do not agree to the data analysis for the purposes of statistical evaluation, you must cancel your newsletter subscription.
We have concluded an order processing contract with CleverReach which obliges CleverReach to protect the data of our customers and not to pass them on to third parties.
For further information on the data analysis of CleverReach, please read here:
7) Implementation of social media: videos
Implementation of YouTube videos
This website implements the YouTube embedding feature to show and display videos from the provider “YouTube”, which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
This uses the extended privacy mode, which, according to the provider’s information, does not store user information until the video is played back. When embedded YouTube videos are played back, the provider, YouTube, implements cookies in order to gather information about user behaviour. According to YouTube, they are used, amongst other things, to gather video statistics, improve user-friendliness and prevent improper use. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want this assigned to your YouTube profile, you must log out before you activate the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them. Evaluation of this kind takes place in particular in accordance with Art. 6 (1) lit f EU GDPR on the basis of Google’s legitimate interest in presenting you with personalised advertising, carrying out market research and/or designing its website in order to meet needs. You have the right to object to the creation of these user profiles but you must approach YouTube to exercise these rights.
Regardless of whether you start the embedded video or not, every time you open the website a connection will be made to the Google network “DoubleClick“. This can trigger further data processing procedures, over which we have no influence.
Google LLC, based in the USA, is certified for the US-European Data Protection Framework “Privacy Shield” which ensures compliance with the level of data protection in force in the EU.
For more information on YouTube’s private policy, please refer to the provider’s statements at: https://www.google.de/intl/de/policies/privacy
8) Web analysis services
Google (Universal) Analytics
- Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies“, text files which are stored on your computer and which permit an analysis of your use of the website. The information generated by the cookie about your use of the website (inclusive of the abbreviated IP address) is transmitted as a rule to a Google server in the USA and stored there.
This website uses Google Analytics only with the extension “_anonymizeIp()“, which ensures the anonymisation of the IP address by means of abbreviation and excludes a direct link to a specific person. By means of the extension, your IP address is shortened by Google within member states of the EU or in other contracting countries under the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these exceptional cases the processing takes place in accordance with Art. 6 (1) lit f EU GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for the purposes of optimization and marketing.
On our behalf Google uses this information to evaluate your use of the website in order to compile reports about the website activities and to provide us with further services related to the use of the website and the Internet. The IP address submitted by your browser within the framework of Google Analytics is not merged with other Google data.
You can prevent the storage of cookies by making the appropriate settings in your browser. However, we must point out that, in this event, you may not be able to use all of the functions of this website in full. You can also prevent Google from gathering the data generated by the cookie and the data related to your use of the website (including your IP address) as well as the processing of such data by using the browser plug-in which you can download and install by clicking this link:
Google LLC, based in den USA, is certified for the US-European Data Protection Framework “Privacy Shield” which ensures compliance with the level of data protection in force in the EU.
For more information about the handling of user data by Google Analytics, see Google’s private policy declaration: https://support.google.com/analytics/answer/6004245?hl=de
9) Tools and various
On our website we implement Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service which provides interactive maps to portray geographic information. By using this service you will be shown our exact location, making it easier to find and visit us.
When you access the subpages in which the maps from Google Maps are embedded, data about your use of our website (e.g. your IP address) will be sent to Google’s servers in the USA and stored there. This takes place regardless of whether Google provides a user account which you are logged in to, or if there is no user account. If you are logged in to Google, your data will be directly linked to your account. If you do not want this data assigned to your Google profile, you must log out before you activate the button. Google stores your data (even if you are not logged in) as user profiles and evaluates them. Evaluation of this kind takes place in particular in accordance with Art. 6 (1) lit f EU GDPR on the basis of Google’s legitimate interest in presenting you with personalised advertising, carrying out market research and/or designing its website in order to meet needs. You have the right to object to the creation of these user profiles but you must approach Google to exercise these rights.
Google LLC, based in the USA, is certified for the US-European Data Protection Framework “Privacy Shield” which ensures compliance with the level of data protection in force in the EU.
10) Rights of access by the data subject
10.1 The valid data protection laws grant comprehensive rights (information and intervention rights) to the data subject with regard to the processing of personal data by the controller. We would like to inform you of these rights below:
- Right of access in accordance with Art. 15 EU GDPR: You have, in particular, a right to be given information about the personal information processed by us, the purpose of processing, the categories of processed personal data, the recipients or categories of recipients to whom your data were or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of rights of rectification, erasure, restriction of processing, objection against processing, complaint to the supervisory authority, the origin of your data (if these were not gathered by us), information about the existence of an automated decision-making process, including profiling, and, where appropriate, meaningful information concerning the logic involved and the consequences for you and the intended purpose of such processing as well as your right to being informed about what guarantees you have (in accordance with Art. 46 EU GDPR) in the event of your data being forwarded to non-EU countries (“third countries”):
- Right to rectification in accordance with Art. 16 EU GDPR: You have a right to immediate rectification of any incorrect and/or incomplete data stored by us;
- Right to erasure in accordance with Art.17 EU GDPR: You have the right to demand the erasure of your personal data in the event of the grounds laid down in Art. 17 (1) EU GDPR. This right does not exist, in particular, if processing is necessary in order to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.;
- Right to restriction of processing in accordance with Art. 18 EU GDPR: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of this data, which has been contested by you, is being verified, when the processing of your data is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead, when your data is needed for the establishment, exercise or defence of legal claims, after the controller no longer needs these data because they have already served their purpose, or, when you have objected to processing on grounds relating to your particular situation, pending the verification whether the legitimate grounds of the controller override;
- Notification obligation in accordance with Art. 19 EU GDPR:
If you have asserted your right to rectification or erasure of personal data or restriction of processing, the controller is obliged to communicate the rectification or erasure of data to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller must inform you about those recipients if you request it.
- Right to data portability in accordance with Art. 20 EU GDPR: You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format or to request the controller to transmit those data to another controller, as far as this is technically feasible.
- Right to withdraw consent in accordance with Art. 7 (3) EU GDPR: If you have already given your consent to the processing of data, you have the right to withdraw this consent at any time, effective from the point of time of withdrawal. In the event of withdrawal, we will delete the data in question immediately as long as there is no legal basis for further processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint in accordance with Art. 77 EU GDPR: If you are of the opinion that the processing of your personal data infringes the EU GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
10.2 RIGHT TO OBJECT
IF; IN THE CONTEXT OF A BALANCING OF INTERESTS; WE PROCESS YOUR PERSONAL DATA ON ACCOUNT OF OUR PREDOMINANTLY LEGITIMATE INTEREST; YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME AND WITH FUTURE EFFECT ON GROUNDS RELATING TO YOUR PARTICULAR INTERESTS.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE THAT THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOM OR WHEN PROCESSING IS FOR THE PURPOSE OF ESTABLISHING, EXERCISING AND DEFENDING LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF THE PERSONAL DATA WHICH CONCERNS YOU FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED FOR THE PURPOSES OF DIRECT ADVERTISING.
11) Duration of the storage of personal data
The duration of the storage of personal data is determined by the respective statutory retention period (e.g. business and tax-related retention periods). At the end of that period the respective data are routinely deleted as long as they are no longer necessary for the fulfilment of a contract and/or there is no further legitimate interest on our part in their further storage.
“In the event of a credit risk, we will pass on your data (name, address, mail address, company details and, where applicable, contract details and details of the claim) to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, and, if necessary, to any further co-operating credit agencies for the purpose of a credit check, to check whether the indicated address is correct and for the purpose of debt collection processing. The legal basis for passing on this data is Art. 6 (1) lit b EU GDPR and Art. 6 (1) lit f GDPR. Data may only be passed on on the basis of Art. 6 (1) lit f EU GDPR if it is necessary in order to pursue the legitimate interests of our company and does not outweigh the interests or fundamental rights or fundamental freedom of the person concerned, which demand the protection of that personal data.
“In order to reach decisions concerning the justification, execution and termination of a contract, we also use automatedly generated probability values, the calculation of which may, for example, take address data into consideration.”
Detailed information about the IHD, our contracting partner within the meaning of Art 14 EU GDPR, i.e. the , business purpose, the purpose of data storage there, the legal basis, the data recipients of the IHD, the right to information stored about oneself and the right of erasure and rectification as well as profiling can be viewed here: www.ihd.de/datenschutz/Artikel14.html
The information about their contracting partners in the credit agency sector can be found here: www.ihd.de/datenschutz#vertragspartner