for the processing of data on our website and data collected there The following provides a brief overview followed by more detailed information.
A. Brief overview
B. Detailed information
Basic information on data processing: As a website operator, we take the protection of your personal data very seriously. We process personal data that is collected during a visit to our website in compliance with applicable data protection regulations. We do not publish or forward your data to third parties without your consent. Where regulations are quoted in brackets we are stating the legal grounds which justify the processing of data if personal data are processed as part of the respective operation.
I. Subject of data protection
Personal data are the subject of data protection. This information pertains to an identified or identifiable natural person. Unless identifiable in this document or for other reasons, we do not consider ourselves to be in a position to identify you. Article 6 (1) (b) GDPR (General Data Protection Regulation) is the legal basis for processing personal data required for the purposes of fulfilling a contract to which the data subject is a party. This also applies to processing operations required for the purposes of carrying out steps prior to entering into a contract. Article 6 (1) (c) GDPR is the legal basis for processing personal data that is required for the purposes of fulfilling a legal obligation that our company is subject to. In the event that vital interests of the data subject or another natural person require the processing of personal data, this is carried out on the legal basis of Article 6 (1) (d) GDPR. Should processing be required for the purposes of protecting a legitimate interest of our company or of a third party and the interests, basic rights and fundamental freedoms of the data subject not outweigh the first-mentioned interest, the legal basis for processing is Article 6 (1) (f) GDPR. The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to exist. Storage is permitted where it has been provided for by European or national legislators in union regulations, laws or other provisions to which the controller is subject to. Data are blocked or erased where a storage period prescribed by the specified standards expires, unless there is the need for continued data storage for concluding a contract or contractual performance.
II. Collection, use and storage of data when you visit our website
1. Our web servers
We use ALL-INKL.COM - Neue Medien Münnich as a web hosting provider for contract data processing, i.e. this company acts on our behalf to technically provide you with the website. We remain the controller responsible for you, which means the pronoun 'we' is also used in this document, although the specified company technically arranges this for us. When you visit our website, your full IP address is transmitted to us by your computer. We are only able to transmit the data of our website to you with this IP address so that the website can be displayed to you (Article 6 (1) (b) and (f) GDPR). It is necessary for the system to temporarily store the IP address to enable the website to be displayed on your computer. Your IP address may need to be stored for the duration of the session. As you have requested the website, this is a mutual legitimate interest. We need to send your IP address to the Internet provider so that the website data can be transmitted to you. Besides processing for the purposes of transmitting the data accessed, the full IP address will only be stored for seven days by our web hosting provider in order to initiate defensive measures, e.g. blocking of IP addresses, and, where applicable, criminal proceedings in the event of attacks on our IT system (Article 6 (1) (f) GDPR). Our legitimate interest stems from maintaining the functionality of the website. The IP address is truncated by the last digits after 7 days, which means that identification is no longer possible. In this case identification is not determined independently, but rather by the prosecution authorities to whom this data is transmitted. We store the referee, date and time of request, the access method/function desired by the requesting computer, input values (file name) transmitted by the requesting computer, the access status of the web server (transfer file, file not found, command cannot be executed, etc.), name of the requested file as well as your browser and operating system version. We do not store other personal data when pages are merely viewed. These data are not stored together with other personal data of the user. There is no possibility to object to processing as these processes are strictly necessary for the operation of the website. Please do not visit our website if you wish to object to processing. Your personal data are only used for the specified purposes and to the extent required for these purposes. Personal data are only transmitted to governmental institutions and authorities to the extent permitted by mandatory national legislation or where transmission is required in the event of attacks on our network infrastructure for the purposes of prosecution or criminal proceedings. Data are not transmitted to third parties for other purposes.
2. Involvement of third-party service providers
a. General information on use of Google services on our website
Google programs (plug-ins), otherwise known as Google services, are used on our website. These services are run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page on our website which contains such a plug-in, your browser creates a direct link to the Google server. The content of the plug-in is sent directly to your browser by the supplier involved, and is integrated in the page. By integrating the plug-ins, Google is informed that your browser has accessed the relevant page of our website, even if you do not have a Google profile or are not logged in at that point. This information (including your IP address) is sent directly from your browser to the Google server which may be located in the USA. It must be assumed that the data are also stored there. These data processing operations are executed in accordance with Article 6 (1) (f) GDPR for the purposes of maintaining, improving and enhancing Google services, providing personalised services, including content and advertising by Google, identifying, preventing and combating fraud, misuse, security risks and technical issues at Google. Google describes the use of data on the basis of its legitimate interests as follows: Data are processed for the purposes of
- providing, maintaining and improving our services to meet the needs of Google users
- developing new products and features that are useful to Google users
- providing insights into how people use Google services to guarantee and improve the provision of our services
- customising Google services to offer you a better user experience
- marketing to inform users about Google services
- advertising to provide an array of Google services to users for free
- detecting, preventing or otherwise combating fraud, security shortcomings or technical issues
- protecting the rights, property or security of Google, Google users or the public against losses, provided this is permitted or required by law
- conducting research to improve Google services for users and to benefit the public
- fulfilling obligations towards Google partners such as developers and copyright holders
b. Google Maps
We use the service Google Maps on our website to display an interactive map (Article 6 (1) (b), (f) GDPR). This is useful in the event that you wish to receive information about us or visit us so that you can use one single map to get your bearings both locally and nationally. Our legitimate interest is the provision of an interactive map for this purpose, as such a map could otherwise only be implemented with great technical difficulty. We are not informed when Google Maps is shown to you or you interact with it.
III. Cookies when visiting our website
A cookie is a piece of information in the form of a small file that the web server creates on the computer of the visitor. The web server can query the information again in the event of a future visit or continuation of the visit. Nowadays, cookies not only appear as direct web browser cookies, they are also stored within the context of flash animations or by means of advanced HTML storage technology (so-called HTML5 storage or local shared objects). We categorise cookies as follows:
Type A – Essential cookies: These cookies are essential in order to run websites and for their functions to work properly. The user-specific functions specified below cannot be provided in the absence of these cookies.
Type B – Functional cookies: These cookies enable us to make web pages easier to use, improve performance and provide a variety of functions. For example, information related to the identification of your shopping basket or your comparison list can be stored in functional cookies.
Cookie name: PHPSEDDID
Description of the cookie's purpose: It separates different connections from one another in order to display the requested information to each website visitor
Expiry date clarifying how long the cookie is stored: Deleted when the browser is closed
Legal basis: Section 6 (1) (b), (f) GDPR. Legitimate interest in error free operation of the website
Typical values, where applicable: None - random value
Option to object to processing: No
Most browsers accept cookies automatically. You can prevent cookies from being saved on your device by selecting "Do not accept any cookies" in your browser settings. You can delete cookies that have already been placed on your device at any time. See the links below for instructions on how to do this for the most commonly used PC/notebook browsers:
MOZILLA FIREFOX, link: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences - GOOGLE CHROME, link: https://support.google.com/accounts/answer/61416?hl=en - MICROSOFT INTERNET EXPLORER, link: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies# - APPLE SAFARI, link: https://support.apple.com/kb/PH19214?locale=en_US
Please refer to the instructions of your browser or mobile device for information on how to delete cookies on your mobile device.
IV. Your right of access, to rectification, of blocking, to erasure, completion, restriction of processing and data portability
In the following, we explain the rights that are only remotely applicable in relation to our website. Please note that you may have further rights in respect of other data processing operations. You have the right:
- to access the personal data processed by us pursuant to Article 15 GDPR. In particular, you can request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of a right to rectification, erasure, restriction of processing or to object to processing, the right to lodge a complaint with a supervisory authority, the origin of your data, if this was not collected by us, and on the existence of automated decision-making including profiling and, if applicable, meaningful information on the particulars;
- to request the immediate rectification of any incorrect personal data or completion of your personal data stored by us pursuant to Article 16 GDPR;
- to request the erasure of your personal data stored by us pursuant to Article 17 GDPR, unless processing is required for the purposes of exercising the right of freedom of expression and information, fulfilling a legal obligation, for reasons of public interest or asserting, exercising or defending legal claims;
- to request the restriction of processing of your personal data pursuant to Article 18 GDPR, insofar as the accuracy of data is contested by you, the processing is unlawful, you oppose the erasure of such data and we no longer require the data, however, you require these to assert, exercise or defend legal claims or you have objected to processing pursuant to Article 21 GDPR;
- to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that this is transmitted to another controller pursuant to Article 20 GDPR;
- to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. You would generally contact the supervisory authority responsible for your usual residence or place of work.
- Provided that your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, insofar as there are reasons that result from your particular situation or you are objecting to direct advertising. In the latter case, you have a general right to object that is implemented by us without you providing details about your particular situation. If you would like to make use of your right to withdraw consent or object, a notification sent to the contact in our legal notice will suffice.
Your rights and the restrictions of your rights are set out in detail below:
1. Right of access
You can request that the controller confirms whether personal data concerning you are being processed. Should such processing exist, you may request access to the following information from the controller:
(1) the purposes for which the personal data are processed; (2) the categories of personal data that are processed; (3) the recipients or the categories of recipients to whom your personal data have been or will be disclosed; (4) the envisaged storage period for the personal data concerning you or, if specific information in this regard cannot be provided, criteria for determining the retention period; (5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) all available information on the origin of data where the personal data are not collected from the data subject; (8) the existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the reasoning involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information on whether the personal data concerning you are transmitted to a third country or an international organisation. In this regard, you can request to be informed on the appropriate guarantees pursuant to Article 46 GDPR in the context of transmission.
2. Right to rectification
You have the right to rectification and/or completion with respect to the controller, provided that the processed personal data concerning you are incorrect or incomplete. The controller must rectify the data without undue delay.
3. Right to restriction of processing
You can request the restriction of processing of the personal data concerning you under the following conditions:
(1) where you contest the accuracy of the personal data concerning you for a period that allows the controller to check the accuracy of the personal data; (2) the processing is unlawful and you reject the erasure of the personal data and instead request the restriction of the use of the personal data; (3) the controller no longer requires the personal data for the purposes of processing, however, you require such data for the purposes of asserting, exercising or defending legal claims, or (4) where you have objected to processing pursuant to Article 21 (1) GDPR and it is uncertain whether the legitimate reasons of the controller outweigh your reasons.
If processing of the personal data concerning you has been restricted, these data may only be processed, except for the storage of such, with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state. If processing has been restricted pursuant to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Duty of erasure
You may request that the controller immediately erases the personal data concerning you, and the controller is required to erase these data immediately, provided that one of the following reasons applies:
(1) The personal data concerning you are no longer required for purposes for which they have been collected or processed in other ways. (2) You withdraw your content on which the processing pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR is based, and there is no other legal basis for the processing. (3) You object to processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing pursuant to Article 21 (2) GDPR. (4) The personal data concerning you have been processed unlawfully. (5) The erasure of the personal data concerning you is required for the purposes of fulfilling a legal obligation pursuant to European Union law or the law of the member states, to which the controller is subject. (6) The personal data concerning you have been collected in relation to offered services of the information society pursuant to Article 8 (1) GDPR.
b) Information transmitted to third parties
If the controller has disclosed personal data concerning you and he/she is required to delete these data pursuant to Article 17 (1) GDPR, he/she shall take necessary measures, including those of a technical nature, taking account of the available technology and the implementation costs to inform the controller responsible for data processing who processes the personal data that you as the data subject have requested that they erase all links to your personal data or copies or replications of these personal data.
The right to erasure does not exist insofar as the processing is required : (1) for the purposes of exercising the right to freedom of expression and information; (2) for the purposes of fulfilling a legal obligation that necessitates processing pursuant to the law of the European Union or the member states, to which the controller is subject, or for the purposes of carrying out a task that is in the public interest or takes place in the exercise of public authority that has been assigned to the controller; (3) for reasons of public interest in the area of public health pursuant to Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR; (4) for archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right specified under section a) is likely to rule out or seriously impair the achievement of objectives of this processing, or (5) for the purposes of asserting, exercising or defending legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing with respect to the controller, he/she shall be obligated to inform all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure of the data or restriction of processing, unless this proves to be infeasible or is associated with a disproportionate amount of effort. You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you provided the controller with in a structured, common and machine-readable format. Furthermore, you have the right to transmit these data to another controller without being hindered by the controller to whom the personal data have been provided, if
(1) processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9(2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and (2) processing takes place by means of automated processes.
In exercising this right, you also have the right to effect that the personal data concerning you are directly transmitted from one controller to another, provided this is technically feasible. Freedoms and rights of other persons may not be harmed by this. The right to data portability does not apply to the processing of personal data that is required to carry out a task that is in the public interest or takes place in the exercise of public authority that has been assigned to the controller.
7. General information on your right to object
You have the right to object to the processing of personal data concerning you that takes place on the basis of Article 6 (1) (e) or (f) GDPR at any time for reasons arising from your specific situation; this also applies to profiling based on these provisions. We will no longer process the personal data concerning you, unless we can establish compelling legitimate grounds for processing that outweigh your interests. rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you are processed for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purposes of such marketing at any time; this also applies to profiling, insofar as it is connected to such direct marketing. Should you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes. You have the option of exercising your right to object by means of an automated procedure in which technical specifications are implemented in connection with the use of services of the information society notwithstanding Directive 2002/58/EC.
V. Links to websites of other providers
VI. Data Protection Officer, complaints, responsible body
Should you wish to lodge a complaint regarding data protection, you may contact our Data Protection Officer Claus Bauer, CerDat GmbH, Lindenstraße 11, 68309 Mannheim, telephone: +49 (0) 621 43028454, e-mail: Claus.Bauer@cerdat.de or the supervisory authority. The supervisory authority for Baden-Württemberg, the federal state where we are headquartered, is the State Office for Data Protection and Freedom of Information, Königstrasse 10 a, 70173 Stuttgart, website: https://www.baden-wuerttemberg.datenschutz.de/
Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, particularly in the member state where you reside, work or the presumed infringement took place in the event that you take the view that the processing of personal data concerning you violates the GDPR. The supervisory authority with which the complaint was lodged will inform the complainant about the status and results of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR. We are the responsible body, i.e. the operator of this website pursuant to the legal notice.
VII. Your questions and updated information