1. Name and Address of the Data Controller
The data controller, within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws, is responsible for the above-mentioned entity.
2. Name and Address of the Data Protection Officer
The data protection officer of the data controller is:
3. General Information about Data Processing
3.1. Scope of Personal Data Processing
We generally only collect and use personal data of users of our website to the extent necessary for providing a functional website, our content, and services.
The collection and use of personal data of our users generally require their consent. An exception to this principle applies in cases where data processing is permitted by legal regulations or obtaining prior consent is not possible for factual reasons.
3.2. Legal Basis for Personal Data Processing
Art. 6(1)(a) GDPR, if the data subject has given consent.
Art. 6(1)(b) GDPR, for the performance of a contract to which the data subject is a party. This also includes processing operations that are necessary for the performance of pre-contractual measures.
Art. 6(1)(c) GDPR, for compliance with a legal obligation.
Art. 6(1)(d) GDPR, to protect vital interests of the data subject or another natural person.
Art. 6(1)(f) GDPR, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
3.3. Data Erasure and Storage Duration
Personal data of users will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or performance of a contract.
4. Use of Our Website, General Information
4.1. Description and Scope of Data Processing
When accessing our website, our system automatically collects data and information from the user's computer system. The following information is collected:
4.2. Purpose and Legal Basis for Data Processing
The temporary storage of the IP address by our system is necessary to deliver the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
The collection of your personal data for the provision of our website and the storage of data in log files is strictly necessary for the operation of the website. Therefore, users do not have the option to object.
4.3. Duration of storage
Your data will be deleted as soon as it is no longer necessary for the purpose of its collection. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is terminated.
If your data is stored in log files, it will be deleted after a maximum of seven days. Extended storage is possible, but the IP addresses of the users will be deleted or anonymized in this case. The identification of the accessing client is no longer possible.
The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6(1)(a) of the General Data Protection Regulation (GDPR) when the user has given their consent.
5.1. Cookie consent with Usercentrics
When you visit our website, the following personal data is transferred to Usercentrics:
Your consent(s) or revocation of your consent(s), your IP address, information about your browser, information about your device, and the time of your visit to the website.
Furthermore, Usercentrics stores a cookie in your browser to associate the granted consents or their revocation with you. The data collected in this way is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose of data storage ceases to exist. Mandatory legal retention periods remain unaffected.
"Usercentrics" uses the Google Cloud Platform provided by Google Ireland Limited. The server locations are in Frankfurt and Belgium. In this context, a transfer to a third country, specifically the USA, cannot be ruled out. However, we have entered into a data processing agreement and standard data protection contract clauses with the provider.
You can view and adjust your cookie settings there.
The legal basis for the storage of cookies, device identifiers, similar tracking technologies, and the storage of information on the user's device and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDSG).
Please note that the legal basis for the processing of personal data collected in this context is derived from the GDPR (Art. 6(1) sentence 1 of the GDPR). The specific legal basis for the processing of personal data can be found below each respective cookie or processing.
The primary legal basis for the storage of information on the user's device, particularly for the storage of cookies, is your consent under § 25(1) sentence 1 of the TTDSG. Consent is given when visiting our website, although it is not mandatory, and can be revoked at any time in the cookie settings.
According to § 25(2) no. 2 of the TTDSG, consent is not required when the storage of information on the user's device or access to information already stored on the user's device is strictly necessary for the provider of a telemedia service to provide a telemedia service explicitly requested by the user. You can check the cookie settings to see which cookies are classified as strictly necessary (often referred to as "technically necessary cookies"), fall under the exception of § 25(2) TTDSG, and therefore do not require consent.
6. Your Rights / Data Subject's Rights
6.1. Right to Information
You have the right to obtain information from us as the data controller about whether and which personal data concerning you is being processed by us, as well as further information in accordance with the legal requirements under Art. 13 and 14 of the GDPR.
You can exercise your right to information by contacting:
6.2. Right to Rectification
If the personal data concerning you processed by us is incorrect or incomplete, you have the right to have it rectified and/or completed. Rectification will be carried out without undue delay.
6.3. Right to Restriction
You have the right to restrict the processing of your personal data in accordance with the legal provisions (Art. 18 of the GDPR).
6.4. Right to Erasure
Subject to the conditions set out in Art. 17 of the GDPR, you may request the immediate erasure of personal data concerning you.
We would like to inform you that the right to erasure does not exist to the extent that processing is necessary for one of the exceptions specified in Art. 17(3).
6.5. Right to be Informed
If you have exercised your right to rectification, erasure, or restriction of processing, we are obligated to inform all recipients to whom the personal data concerning you has been disclosed about such rectification or erasure of data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Furthermore, you have the right to be informed about these recipients.
6.6. Right to Data Portability
According to the GDPR, you also have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller.
6.7. Right to Withdraw Consent
You have the right to withdraw your consent to data protection at any time. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.8. Right to Object
Furthermore, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR.
6.9. Automated Individual Decision-Making, Including Profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
6.10. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
7. Transfer of Data Outside the EU
The GDPR ensures an equally high level of data protection within the European Union. Therefore, when selecting our service providers, we prefer European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have your data processed outside the European Union when using services from third parties. We will only allow processing of your data in a third country if the specific requirements of Articles 44 onwards of the GDPR are fulfilled. This means that the processing of your data may only take place on the basis of special safeguards, such as an officially recognized determination of a level of data protection equivalent to that of the EU by the European Commission or the adherence to officially recognized specific contractual obligations, known as "standard data protection clauses."
EU-US Trans-Atlantic Data Privacy Framework
Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Com-mission
You can subscribe to a free newsletter on our website, which will inform you about our current interesting offers. The advertised goods and services are specified in the consent declaration. The data you enter in the input mask during registration will be transmitted to us.
Based on your consent obtained during the registration process, we collect the following data:
Your data will not be disclosed in connection with the processing of data for newsletter dispatch. The data will be used exclusively for the purpose of sending the newsletter.
8.2. Double Opt-In and Logging
The registration for our newsletter takes place in a double opt-in process. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent someone else from registering with your email address.
The newsletter registrations are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address.
8.3. Legal Basis
The legal basis for processing the data, if the user has given their consent, is Art. 6(1)(a) of the GDPR. The collection of the user's email address is for the purpose of delivering the newsletter.
8.4. Deletion, Withdrawal, and Objection
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will be stored as long as the newsletter subscription is active. You can unsubscribe from the newsletter at any time by withdrawing your consent. Each newsletter contains a corresponding link for this purpose.
Furthermore, we would like to inform you that you can object to the future processing of your personal data in accordance with the legal requirements of Art. 21 of the GDPR at any time. The objection can be made, in particular, against processing for direct marketing purposes.
8.5. Mailing Service Provider
This website uses Sendinblue for the purpose of sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service that can be used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter will be stored on Sendinblue's servers in Germany.
Data analysis by Sendinblue
With the help of Sendinblue, we are able to analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links have been clicked. This allows us to determine which links have been clicked most frequently.
In addition, we can determine if certain predefined actions (conversion rate) have been taken after opening/clicking, such as making a purchase after clicking the newsletter.
Sendinblue also allows us to segment the newsletter recipients into different categories ("clustering"). For example, newsletter recipients can be segmented based on age, gender, or location. This allows us to better tailor the newsletters to the respective target audiences.
If you do not want your data to be analyzed by Sendinblue, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message for this purpose.
For detailed information about the functions of Sendinblue, please refer to the following link: https://de.sendinblue.com/newsletter-software/.
The data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. The revocation does not affect the lawfulness of the data processing carried out before the revocation.
The data you provide for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or until we or the newsletter service provider delete your data from the newsletter distribution list after unsubscribing. Data that has been stored for other purposes with us remains unaffected.
After you have been unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.
Conclusion of a contract for order processing
We have concluded a contract with Sendinblue in which we obligate Sendinblue to protect the data of our customers and not to disclose it to third parties.
9. Electronic contact
If you want to contact us, you have the option to contact us via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.
Your data will not be disclosed to third parties in this context, and the data will be used solely for the purpose of processing the communication.
The legal basis for processing the contact request and its processing is typically Art. 6(1)(b) GDPR.
If additional personal data is processed during the sending process, it serves only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to be ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Any additional personal data collected during the sending process will be deleted no later than seven days after the end of the conversation.
10. Processing of data (customer and contract data)
We collect, process, and use personal data only to the extent necessary for establishing, structuring the content of, or modifying the legal relationship (inventory data). This is based on Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We only collect, process, and use personal data regarding the use of our website (usage data) to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after the completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
10.1. Online reservation
For online reservations, we use the services of our software partner:
ORACLE Deutschland B.V. & Co.KG
10. Career portal
On this website, we display job offers that interested parties can apply for via email. Unsolicited applications can also be sent to us via email. In the event of an incoming application, we process the data received from the applicant solely for the purpose of processing and potentially filling the available position.
The primary legal basis for this is Art. 88 GDPR in conjunction with § 26(1) BDSG.
Within our company, only those individuals who are responsible for and have decision-making authority regarding the application process have access to your personal data.
We delete your personal data as soon as it is no longer necessary for the purposes mentioned above. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after the rejection decision is communicated, unless there are other legitimate interests of the data controller that oppose deletion. Such other legitimate interests may include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Your personal data will not be disclosed to third parties.
11. Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags that may collect data. Google Tag Manager does not access this data. If a deactivation is made at the domain or cookie level, it applies to all tracking tags implemented with Google Tag Manager.
The legal basis for the use of the technically necessary cookie is the legitimate interest of the website operator according to Art. 6(1)(f) of the GDPR.
12. Web Analytics
12.1. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help analyze how users use the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.
You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also opt-out of data collection by Google Analytics and prevent the processing of data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the "_anonymizeIp()" extension. IP addresses are truncated and processed further in an anonymized form to prevent direct association with individuals. If any personally identifiable information is collected, it will be immediately deleted.
We use Google Analytics to analyze and improve the usage of our website. The statistics obtained help us improve our offering and make it more interesting for users. The legal basis for the use of Google Analytics is your consent according to Art. 6(1)(a) of the GDPR.
Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of Service: http://www.google.com/analytics/terms/en.html
13. Social Media
13.1. Social Media Platforms
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
13.2. Social Media Presence
We maintain fan pages on various social networks and platforms with the aim of communicating with active customers, prospects, and users, and informing them about our services. We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e.g., regarding the enforcement of your rights under European/German law). User data is typically processed for market research and advertising purposes. For example, user behavior and resulting interests can be used to create user profiles. These user profiles can then be used to display advertisements within and outside the platforms that are likely to correspond to the users' interests. For these purposes, cookies are usually stored on users' computers to store their usage behavior and interests. Furthermore, data can be stored in the user profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and logged in).
The processing of users' personal data is based on our legitimate interests in effectively informing and communicating with users pursuant to Art. 6(1)(f) of the GDPR. If users are asked by the respective providers to give their consent to data processing (i.e., give their consent, for example, by checking a checkbox or confirming a button), the legal basis for processing is Art. 6(1)(a) of the GDPR.
For further information on the processing of your personal data and your options for objection, please refer to the links provided by the respective provider. Requests for information and other rights of data subjects can also be addressed to the providers, specifically those who have direct access to users' data and possess relevant information. We are available to answer any questions and provide assistance if needed.
With some social media platforms, a supplemental agreement is concluded when operating a fan page. According to this agreement, affected rights can generally be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of insights data lies with the social media platform, and it fulfills all obligations under the GDPR regarding the processing of insights data. In this context, the social media platform provides the essential aspects of the Page Insights supplement to the affected individuals.
As the operator of the fan page, we do not make decisions regarding the processing of insights data and all other information resulting from Art. 13 of the GDPR, such as the legal basis, the identity of the controller, and the storage duration of cookies on user devices.
14. Online Advertising
14.1. Google DoubleClick
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no control over the scope and further use of the data collected by Google through the use of this tool and therefore inform you to the best of our knowledge: By incorporating DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will obtain and store your IP address.
You can prevent participation in this tracking procedure in various ways:
a) by adjusting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive ads from third-party providers;
b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com," https://www.google.de/settings/ads, with this setting being deleted when you delete your cookies;
c) by deactivating interest-based ads from providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, with this setting being deleted when you delete your cookies;
d) by permanently deactivating them in your browsers Firefox, Internet Explorer, or Google Chrome using the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all functions of this offer to their full extent.
The legal basis for processing your data is your consent under Art. 6(1)(a) of the GDPR.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.