Data Protection Policy

The RENAIO Assets GmbH takes the protection of your personal data very seriously. We handle your personal data in full compliance with the European and national statutory data protection regulations.

After giving us consent to collect and process your personal data, you are free to withdraw that consent at any time, at which point we will not collect or process any further personal data concerning you. To withdraw your consent, please write directly to our Data Protection Officer named in Section 1.

The following information will provide you with an overview of the type of personal data we collect, how it is used and shared, which security measures are taken to protect your personal data and how you can find out which of your personal data we have collected.

Lawfulness of Processing Personal Data Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) stipulates when we must obtain your consent to process your personal data.

Article 6 (1) (b) of the GDPR governs the processing of personal data as necessary for the performance of a contract to which the person concerned is party. This also applies to any processing needed to take steps prior to entering into a contract.

Article 6 (1) (c) of the GDPR justifies processing personal data when it is necessary for compliance with any legal obligation to which we are subject.

Article 6 (1) (f) of the GDPR sets forth that processing is lawful when it is necessary for the purposes of the legitimate interests pursued by the RENAIO Assets GmbH or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the person concerned.

 

Storing and Deleting Personal Data

Your personal data will be deleted or blocked as soon as the purpose for which it was stored has been served. Personal data may be stored beyond this point in time to comply with any EU ordinances, laws or other regulations imposed by European or national legislatures to which we are subject. Personal data will also be blocked or deleted once the standard storage deadline has been reached, unless it is necessary to retain it to perform or conclude a contract with that party.

 

Section 1: The Data Protection Officer or Controller

Name and address of the Data Protection Officer

The party responsible for data processing, as required by the General Data Protection Regulation (which refers to said party as the “controller”) and the data protection laws of other Member States, as well as other data protection regulations, is:

Christian Heimann
RENAIO Assets GmbH
Viktoriastr. 3b
86150 Augsburg
Germany

Phone: +49 821 899 845 90
E-mail: info@renaio.de
Website: www.renaio.de

 

Section 2: Definition of terms

This Data Protection Policy uses on the terms employed by the European Union legislature in its EU General Data Protection Regulation (hereinafter referred to as the “GDPR”). To make our Data Protection Policy easier to read and understand, we explain the most important terminology below:

  1. “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. The “data subject” is any identified or identifiable natural person whose personal data is processed by the person responsible for processing personal data (“controller”).
  3. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  5. “Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  6. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  7. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  8. “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  9. “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  10. “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Section 3: Providing access to our website and creating log files

Personal data is stored in log files to ensure the proper functioning of our website. This also serves to help us optimize the website and ensure the security of our IT systems. Your data is not used for marketing purposes, though this would also constitute a lawful purpose with respect to our legitimate interests in data processing as defined in Article 6 (1) (f) of the GDPR.

1. When you merely visit our website without registering or sending us information by other means, your internet browser automatically transmits the following data to our web server:

  1. The IP address of the requesting computer
  2. Identification data of your browser and version of that browser used
  3. Your operating system as user
  4. Your internet service provider as user
  5. Date and time of access
  6. The website(s) from which you access our website
  7. Websites you accessed through our own website
  8. Content retrieved (specific URLs)
  9. Transmitted data volumes
  10. Language and version of your browser*
  11. Search engines used
  12. Names of downloaded files

 

2. This data is stored in our system’s log files, but it is never stored alongside your other personal information.

3. The legal basis for temporarily storing this data in log files is Article 6 (1) (f) of the GDPR.

4. It is necessary for our system to store your IP address temporarily so that we can

  1. grant your computer access to the website. Your IP address must be stored for the duration of your website visit.
  2. optimize the content of our website and any related marketing
  3. ensure the proper functioning of our IT systems and the technology used on our website
  4. provide the data required for criminal prosecution to law enforcement agencies in the event of a cyberattack

5. This data is deleted as soon as it is no longer needed to fulfill the purpose of its collection – in this case as soon as your visit to our website is over. Data stored in log files is deleted no later than seven days after your visit. In certain cases, it is stored beyond this time period. In such event, the IP addresses are deleted or made anonymous so that it is no longer possible to attribute them to you.

6. The recording of this data to enable use of the website and the storage of this data in log files is absolutely necessary for the operation of the website, which is why you as the user have no right of objection.

 

Section 4: Use of Cookies

1. This website uses so-called “cookies”. Cookies are small text files which are sent from the web server to the browser on your end device (PC, notebook, table, smartphone etc.) and stored there, allowing our website to receive specific information. These cookies serve to make our website more user-friendly and secure, specifically by collecting information related to website usage, such as frequency of use, number of users per URL and how the URL is used. These cookies do not harm your computer in any way and do not contain any viruses. They contain a series of characters (the so-called “cookie ID”) that make it possible to clearly identify the browser should you visit our website again.

2. We use cookies to make our website more user-friendly. Certain elements of our website require them to be able to identify your browser when you move from one URL to another. The following data is stored and transmitted in the cookies:

  • Language settings
  • Articles in your shopping cart
  • Log-in information

We also use cookies on our website that make it possible to analyze your search history. This may include the following data:

  • Search terms entered
  • Frequency of URL requests
  • Use of website functions

The data collected in this manner is automatically pseudonymized (given a pseudonym) as a precautionary measure. This makes it impossible to attribute the data to you. This data is not stored alongside other personal information. When you access our website, an info-banner will inform you of our use of cookies for analytical purposes and refer you to this Data Protection Policy. It will also indicate that you can prevent the storage of cookies in your browser settings.

The legal basis for processing personal information through the use of cookies is Article 6 (1) (f) of the GDPR.

The legal basis for processing personal information through the use of required technical cookies is Article 6 (1) (f) of the GDPR.

The legal basis for processing personal information through the use of cookies for analytical purposes with the user’s consent is Article 6 (1) (a) of the GDPR.

3. The purpose of required technical cookies is to simplify use of our website. Certain functions within our website cannot be provided without the use of such cookies. They are needed for our system to recognize your browser after changing URLs.

4. We need cookies to provide the following applications:

  • Shopping cart
  • Accepting your language settings
  • Remembering search terms

The user data collected through required “technical cookies” is not employed to create user profiles. Some technical cookies are not required but serve to improve the quality of our website and its content. By using “analytical cookies”, we learn how our website is used and this helps us consistently optimize our online offering. [More precisely,] This information allows us to recognize when you revisit our website with the same end-device and simplifies your navigation therein. These also constitute lawful purposes with respect to our legitimate interests in processing personal information as defined in Article 6 (1) (f) of the GDPR.

5. Cookies remain stored on your browser after your visit is over and can be accessed when you revisit our website. Note that they are stored on your computer, which sends them to our website. Therefore, you have full control over the use of cookies. If you wish not to have data collected through cookies, you can change the settings on your computer under “Settings” to any of the following options: you will be informed of the placement of cookies, you prohibit the placement of cookies in general, or you can delete individual cookies. Please note, however, that deactivating cookies may restrict the use of certain functions on our website. With respect to “session cookies”, these are automatically deleted when you leave our website.

 

Section 5: Newsletter

1. With your consent, you can subscribe to our newsletter free of charge. This allows us to inform you of our latest interesting offers. The advertised goods and services are listed in the declaration of consent. We use a so-called double-opt-in process to subscribe to our newsletter. What this means is that, after registering, we will send an email to the address you give us which will contain a link you must use to confirm that you wish to receive our newsletter. If you do not confirm your interest within [24 hours] after registering, your registration information will be ignored and then automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to verify your registration and to determine if your personal information has been misused should there be any question.

The only information required for sending you our newsletter is your email address. Any other information shared is done voluntarily and will only be used to address you personally.

This information is used solely for the purpose of sending our newsletter.

2. We collect your email address so that we can send you the newsletter. Other personal data collected during the registration process serves to prevent the misuse of the service or the given email address.

3. This data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. Your email address will therefore only be stored for the duration of your newsletter subscription.

4. You can end your newsletter subscription at any time, thereby revoking your consent, by clicking on the “Unsubscribe” button attached to every newsletter, sending us an email or submitting a message using the contact information indicated in our Imprint with instructions to end your subscription.

5. We engage a third-party service provider to send out our newsletters. We have concluded a separate order data processing agreement in order to guarantee that your personal data is protected. At present, we are working with the following service provider:

CleverReach GmbH & Co. KG
Mühlenstr. 43
26180 Rastede
Tel.: +49 (0) 4402 97390-00
E-Mail: info@cleverreach.com

For this purpose, we transmit the following personal data to CleverReach:

  • Name
  • Email address
  • IP address

You can find more information about CleverReach’s data protection policies online at www.cleverreach.com/de/datenschutz/.

 

Section 6: Sharing Personal Data with Third Parties

Integrating YouTube Videos

1. We’ve embedded YouTube videos on our website. The videos are stored online at www.YouTube.com and can be played directly on our website. They are all under expanded data protection mode, meaning that no user data is transmitted to YouTube if you do not play the videos. Only when you play with video(s) will the data listed in paragraph 2 be transmitted. We have no influence over this data transmission. By visiting the website, YouTube receives the information that you have viewed that page on our website.

The following information is transmitted in such cases:

  • Device-specific information, such as the hardware used, the version of your operating system, device identifier, and information about your mobile service, including your telephone number.
  • Protocol information in the form of servicer protocols. These include other details on the manner in which the service was used, such as search enquiries, IP addresses, hardware settings, browser type, browser language, date and time of time of enquiry, originating site, and cookies that can be used to clearly identify your browser or your Google account
  • Location-related information. Information about your current location may be recorded through Google. This includes, for example, your IP address, your wireless access points or cell towers
  • You can find more information about data collected by Google LLC at the following link:

https://policies.google.com/privacy?hl=de&gl=de.This will occur whether or not you have a user account at YouTube and whether or not you have logged into said account. If you are logged into Google, your data will be directly attributed to your account.

2. The legal basis for processing users’ personal data is Article 6 (1) (f) of the GDPR. Google also processes your personal data in the US and has agreed to comply with the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

3. The integration of videos serves to make the website livelier for the user and to improve the website’s ranking on Google’s search engine. YouTube saves your data as a use profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand. It is analyzed particularly (even for users who aren’t logged in) to deliver more relevant advertising and to inform other social media users of your activities on our website.

4. If you wish not to have your activity attributed to your YouTube profile, you must first log out before viewing the videos.

5. You have the right to object to the creation of a user profile, but you must exercise this right directly with YouTube.

6. You can obtain more information about the purpose and scope of data collection and processing by YouTube in its data privacy policy. There you will learn more about your rights and settings options for protecting your privacy: www.google.de/intl/de/policies/privacy.

7. Links to external websites This website contains links to third-party websites. We are responsible for the content on our own website. However, we have no influence on the content of third-party websites and we are therefore not responsible for it. In particular, we disavow all content on third-party websites. Once you follow a link to a third-party website, the data protection policies of the operator of that website immediately apply. Should you discover illegal or inappropriate activities or content on one of these websites, feel free to inform us of this fact. We will review the content and react appropriately (according to the “notice and takedown procedure”).

Integration of Fonts

1. Google Web Fonts: This website uses so-called “web fonts” provided by Google to achieve a uniform look. When you visit our website, your browser loads the necessary web fonts into its cache, so that it can show the text and fonts correctly. To do so, your browser has to connect to the Google servers. This lets Google learn that you’ve viewed our website using your IP address. Google web fonts are used to give our online products and services a uniform and attractive appearance. This constitutes a lawful purpose with respect to our legitimate interests in processing personal information as defined in Article 6 Sec. 1 lit. f of the GDPR. If your browser does not support web fonts, your computer will use a standard recognized font.

You will find more information about Google fonts online at developers.google.com/fonts/faq and in Google’s data privacy policy at www.google.com/policies/privacy/

2. Web fonts: To achieve a uniform look, this website uses so-called “web fonts” provided by the Monotype Imaging Inc. or one of its subsidiaries MyFonts Inc. or Linotype (address: 600 Unicorn Park Drive, Woburn, MA 01801, USA). When you visit our website, your browser loads the necessary web fonts into its cache, so that it can show the text and fonts correctly. To do so, your browser has to connect to the Monotype servers. This lets Monotype learn that you’ve viewed our website using your IP address. Monotype web fonts are used to give our online products and services a uniform and attractive appearance. This constitutes a lawful purpose with respect to our legitimate interests in processing personal information as defined in Article 6 (1) (f) of the GDPR. If your browser does not support web fonts, your computer will use a standard recognized font.

Monotype does not collect or store any personal data. You’ll find more information about Monotype’s data privacy policy online at www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/web-font-tracking-privacy-policy/.

 

Section 7: Contact Form and Email Contact

1. There is a contact form on our website you can use to make digital contact with us. If you use this form, the information you enter will be transmitted to use and we will save it. When you press “Send”, the following data will also be stored:

  • Your IP address
  • Date and time of registration

When you press Send, you will be asked for your consent and referred to this Data Protection Policy.

Alternatively, you can send us an email at the stated address. In this case, the personal data transmitted with the email will be saved.

Should the matter concern channels of communication (for example, email address, telephone number), you also consent to us contacted you via these channels to respond to your topic of concern.

In this event, this personal data will not be shared with third parties. It will be used solely to process the conversation.

2. The legal basis for processing personal information with the user’s consent is Article 6 (1) (a) of the GDPR. The legal basis for processing personal information through the sending of email messages is Article 6 (1) (f) of the GDPR. Article 6 (1) (b) of the GDPR also applies when the aim of the email contact is to conclude a contract.

3. The personal data you input into the form is only processed to handle your contact request. The data taken from your email enquiry is naturally solely used for the reasons you have contacted us. When you contact us by email, we have a legitimate interest in processing the personal data so that we may respond. The other personal data processed during the contact procedure serves to prevent misuse of the contact form and ensure the security of our IT systems.

4. The data will be deleted as soon as it has served the purpose for which it was collected. With respect to the personal data entered into the contact form or sent via email, this is the case once that conversation with the user is over. The conversation is considered over when the circumstances make it clear that the matter concerned has been satisfactorily clarified.

5. You have the option at all times to withdraw your consent to the processing of your personal data. Contact us by email to object to the storage of your personal data at any point in time. In such cases, we cannot respond as the conversation will be terminated. If you would like to withdraw your consent or object to the storage of your personal data, please contact our Data Protection Officer indicated in Section 1 by email or post. In this event, all personal data stored as a result of your contact will be deleted.

 

Section 8: Web Analysis Using Google Analytics (with Pseudonymization)

1. We use Google Analytics and Google Remarketing on our website. These are services provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyze users’ online surfing behavior. The software places a cookie on your computer (see above for an explanation of “cookies”. When you view individual URLs on our website, the following data is stored:

  1. Two bytes of your computer system’s IP address
  2. The URL viewed
  3. The URLs to which and from which you transferred
  4. The time spent viewing our website and the abort rate
  5. The viewing frequency of the website
  6. The visitors’ country and region of origin, language, browser, operating system, screen resolution, use of Flash or Java
  7. Search engines and search terms used

The data collected through the cookie concerning the user’s use of the website is typically transferred to Google’s servers in the US and stored there.

This website uses Google Analytics’ IP address anonymization option (_anonymizelp). This commands the software not to store the entire IP address, but to replace the final digits with zeros, which makes it impossible to attribute the stored IP address with the computer used to view our website. Only in exceptional cases will the full IP address first be transferred to Google’s servers in the US and then anonymized there. However, the IP address transmitted by your browser by Google Analytics will not be amalgamated with other Google data. Google will also share this data with third parties to the extent allowed by law or to any third party that is processing the data under contract with Google. Please note that Google has its own privacy policy (http://www.google.de/intl/de/privacy.html) which is completely independent of ours. We accept no responsibility or liability for Google’s guidelines or procedures.

Google only uses the (anonymous) data collected on behalf of the website operator to analyze how the website is used. It creates various reports of website activities and performs other services for the website operator related to the use of the website and the internet.

Third-party providers, including Google, place internet ads on websites. Third-party providers, including Google, use stored cookies to activate these ads based on prior visits to the website by the same users.

As a member of the Google Partner network, Google Remarketing technology makes it possible to address users who have already visited our website or used our online services with targeted advertising. This advertising is in turn inserted using cookies, as described above, which allow us to analyze user behavior when you visit our website and can subsequently be used to make targeted product recommendations and marketing that matches your interests.

2. The legal basis for processing your personal data is Article 6 (1) (f) of the GDPR. For the exceptional cases in which personal data is transferred to the US prior to being made anonymous, Google has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

3. On our behalf, Google uses this data to analyze your use of our website and to create reports of website activities. The information in these reports enables us to understand how the individual elements within our website are used. This helps us consistently improve the user-friendliness of our website. This constitutes a lawful purpose with respect to our legitimate interests in processing personal information as defined in Article 6 (1) (f) of the GDPR. By making the IP address anonymous, we protect the users’ personal data and therefore their interests to a satisfactory extent.

4. The data is deleted as soon as it is no longer needed for the purposes for which we recorded it. In this case, it is deleted after 26 months.

5. The deployed cookies are stored on your computer where they transmit information to our website. If you disagree with the collection and analysis of your usage data, you can change the settings in your browser software to prevent it by deactivating or restricting the use of cookies. Cookies already saved on your system can be deleted at any time. However, if you do so, there are certain features on our website that my not function to their full capacity.

You can also download and install the browser plugin available through the link below, which will prevent Google from recording or processing the personal and website usage data generated by the cookie (including your IP address). The current link is: tools.google.com/dlpage/gaoptout.

Alternatively, you can simply object to the use of cookies on our website by ticking the box below. In this case, our server will place a so-called “opt-out cookie” on your computer which will prevent the collection of any data concerning your visits to our website. Please note, however, that you will also delete this opt-out cookie if you delete all cookies on your computer, in which case you’ll have to go through this process again.

By clicking on the following link: Deactivate Google Analytics, you can prevent Google Analytics from recording your personal data. This will place an opt-out cookie on your computer, which will prevent the future collection of your personal data when you visit our website.

6. The third-party provider is Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436-1001. You can find more information about their terms of use at www.google.com/analytics/terms/de.html, in the data privacy overview at www.google.com/intl/de/analytics/learn/privacy.html and in Google’s Data Privacy policy at www.google.de/intl/de/policies/privacy.

 

Section 9: Integration of Google Maps

1. We feature Google Maps on our website. This allows us to show interactive maps directly within our website and lets you use the convenient map functions.

2. When you visit our website, Google is informed which specific URLs you view. Also, any data collected during your visit to our website is transmitted. This will occur whether or not you have a user account at Google whether or not you have logged into said account. If you are logged into Google, your data will be directly attributed to your account. If you wish not to have your activity attributed to your Google profile, you must first log out before activating the button. Google saves your data as a usage profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand. It is analyzed particularly (even for users who aren’t logged in) to deliver more relevant advertising and to inform other social media users of your activities on our website. You have the right to object to the creation of a user profile, but you must exercise this right directly with Google.

3.  You can obtain more information about the purpose and scope of data collection and processing by the plug-in provider in its data privacy policy. There you will learn more about your rights and settings options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US and has agreed to comply with the EU-US Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

 

Section 10: Social Media Plug-ins

General information about social media plug-ins (social plug-ins):

 

1. Facebook

This website uses a social plug-in from the social media network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA). The plug-in allows you to place bookmarks on the website and to share these bookmarks with other Facebook users. You will recognize the plug-in because it bears the Facebook logo or the typical “Like” button. You’ll find an overview of the Facebook plug-in online at developers.facebook.com/docs/plugins/.

We use a so-called “two-click solution” for this plug-in. It means that, when you visit our website, no personal data is initially shared with Facebook. We give you the option of communicating directly with Facebook using the plug-in button. Only if you click on that button will Facebook be informed that you viewed the corresponding URL on our website. This data transmission will occur whether or not you have a Facebook account or you are logged into it.

If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. In this case, Facebook can attribute your visit to our website to your user account. If you click the activated button, for example, to link the URL, Facebook then also stores this information in your user account and shares it publicly with your contacts.

We recommend that you regularly log out after using a social network, particularly before activating the button, so that you can prevent this from being attributed to your social media profile.

If you are not a member of Facebook or you’ve logged out of Facebook before visiting our website, there is still a possibility that Facebook will learn and store your IP address. If you wish to prevent Facebook from attributing your visit to our website to your Facebook user account, you must log out of Facebook before visiting our website and you may not use the plug-in (press the “Like” button).

In general, the following data is transmitted to Facebook:

  • Browser-related data like your IP address, browser type, operating system, the time and date of your visit and the URLs viewed.
  • User ID (when you are logged into your Facebook account)

According to Facebook, the IP addresses are immediately made anonymous in Germany after being collected. Therefore, when you use the plug-in, your personal data is transmitted to Facebook and then stored in the US. Since Facebook primarily collects data through cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the grayed-out box.

We have no influence over the data collected or its processing, nor are we aware of the full scope of data collection, the purposes for which it is processed or the duration which it is retained. In addition, we have no information about how to delete data collected by Facebook.

Facebook saves your personal data as a usage profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand. It is analyzed particularly (even for users who aren’t logged in) to deliver more relevant advertising and to inform other social media users of your activities on our website. By integrating the plug-in, we give you the option to interact with other social media networkers and users, so that we can improve our online offering and make it more interesting for you as a user.

The legal basis for using plug-ins is Article 6 (1) (a) of the GDPR. Facebook has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

You have the right to object to the creation of a user profile, but you must exercise this right directly with Facebook.

It is possible to change the settings and object to data usage for advertising purposes within the Facebook profile settings online at www.facebook.com/settings. You’ll find more information about the purpose and scope of data collection and processing as well as your rights within and with respect to Facebook online at www.facebook.com/policy.php, www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info.

 

2. Google+1

This website uses the Google+1 social plug-in from Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The plug-in allows you to place bookmarks on the website and to share these bookmarks with other social network users. You will recognize the plug-in through its “+1” icon. You’ll find an overview of the Google plug-in and its appearance online at developers.google.com/+/web/.

We use a two-click solution for this plug-in. It means that, when you visit our website, no personal data is initially shared with Google. We give you the option of communicating directly with Google using the plug-in button. Only if you click on that button will Google be informed that you viewed the corresponding URL on our website. If you click on the “+1” button while you are logged into your Google account, you can link the content of this website to your Google profile. In this case, Google can attribute your visit to our website to your user account. If you click the activated button, for example, to link the URL, Google then also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button, so that you can prevent this from being attributed to your social media profile.

In general, the following data is transmitted to Google:

  • Device-related data like the hardware used, the operating system version, device identifier and information about your cellular service, including your telephone number;
  • Protocol data in the form of server protocols. These include, inter alia, details about the way the services were used, such as search queries; IP address; hardware settings; browser type; browser language, date and time of visit, originating URL, cookies that can be used to identify your browser or your Google account
  • Location-related data. Google may record information about your actual location at the time of your visit, including your IP address, your wireless access point or the local cell tower.
  • You’ll find other information that may be collected by Google LLC online at the following link: policies.google.com/privacy.

When you use the plug-in, your personal data is transmitted to Google and then stored in the US. Since Google primarily collects data through cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the grayed-out box.

We have no influence over the data collected or its processing, nor are we aware of the full scope of data collection, the purposes for which it is processed or the duration which it is retained. In addition, we have no information about how to delete data collected by Google.

Google saves your personal data as a usage profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand; it may also share this data with partner companies. The data is analyzed particularly (even for users who aren’t logged in) to deliver more relevant advertising and to inform other social media users of your activities on our website. By integrating the plug-in, we give you the option to interact with other social media networkers and users, so that we can improve our online offering and make it more interesting for you as a user.

The legal basis for using plug-ins is Article 6 (1) (a) of the GDPR. Google has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

You have the right to object to the creation of a user profile, but you must exercise this right directly with Google.

You’ll find more information about the purpose and scope of data collection and processing as well as your rights within and with respect to Google online at https://www.google.com/policies/privacy/partners/?hl=de .

 

3. Twitter

 

This website uses functions granted by the service provider Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). Using Twitter and the “Re-Tweet” icon allows you to follow a post or an URL through Twitter or to link the URLS you visit to your Twitter account and share them with other users. You will recognize the plug-in through its “Re-Tweet” icon or the typical little blue bird. You’ll find an overview of the Twitter buttons and their appearance online at http:// twitter.com/about/resources/buttons.

We use a two-click solution for this plug-in. It means that, when you visit our website, no personal data is initially shared with Twitter. We give you the option of communicating directly with Twitter using the plug-in button. Only if you click on that button will Twitter be informed that you viewed the corresponding URL on our website. If you click on the Re-Tweet button while you are logged into your Twitter account, you can link the content of this website to your Twitter profile. In this case, Twitter can attribute your visit to our website to your user account. If you click the activated button, for example, to link the URL, Twitter then also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button, so that you can prevent this from being attributed to your social media profile.

In general, the following data is transmitted to Twitter:

  • IP address, browser type, the time and date of your visit, the originating URL, your operating system, screen resolution.
  • Link between this data and your account data with the social media operator

When you use the plug-in, your personal data is transmitted to Twitter and then stored in the US.

We have no influence over the data collected or its processing, nor are we aware of the full scope of data collection, the purposes for which it is processed or the duration which it is retained. In addition, we have no information about how to delete data collected by Twitter.

Twitter saves your personal data as a usage profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand. The data is analyzed particularly to deliver more relevant advertising and to inform other social media users of your activities. By integrating the plug-in, we give you the option to interact with other social media networkers and users, so that we can improve our online offering and make it more interesting for you as a user.

The legal basis for using plug-ins is Article 6 (1) (a) of the GDPR. Twitter has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

You have the right to object to the creation of a user profile, but you must exercise this right directly with Twitter.

You’ll find more information about the purpose and scope of data collection and processing as well as your rights within and with respect to Twitter online at twitter.com/privacy. You may change your data privacy settings at Twitter at any time by going to twitter.com/account/settings.

 

4. Instagram

 

This website uses the Instagram social plug-in from Instagram Inc. (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). The plug-in allows you to place bookmarks on the website and to share these bookmarks with other social network users. You will recognize the plug-in through its square camera icon, sometimes appearing with the text “Instagram”.

We use a two-click solution for this plug-in. It means that, when you visit our website, no personal data is initially shared with Instagram. We give you the option of communicating directly with Instagram using the plug-in button. Only if you click on that button will Instagram be informed that you viewed the corresponding URL on our website. This data transmission will occur whether or not you have an Instagram account or you are logged into it.

If you click on the Instagram button while you are logged into your Instagram account, you can link the content of this website to your Instagram profile. In this case, Instagram can attribute your visit to our website to your user account. If you click the activated button, for example, to link the URL, Instagram then also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button, so that you can prevent this from being attributed to your social media profile.

If you are not a member of Instagram or you’ve logged out of Instagram before visiting our website, there is still a possibility that Instagram will learn and store your IP address. If you wish to prevent Instagram from attributing your visit to our website to your Instagram user account, you must log out of Instagram before visiting our website and you may not use the plug-in. In general, the following data is transmitted to Instagram:

IP address, browser type, the time and date of your visit, the originating URL, your operating system, screen resolution.

Link between this data and your account data with the social media operator

When you use the plug-in, your personal data is transmitted to Instagram and then stored in the US.

We have no influence over the data collected or its processing, nor are we aware of the full scope of data collection, the purposes for which it is processed or the duration which it is retained. In addition, we have no information about how to delete data collected by Instagram.

Instagram saves your personal data as a usage profile and employs it for the purposes of advertising, market research and/or redesigning its website to better meet demand. The data is analyzed particularly (even for users who aren’t logged in) to deliver more relevant advertising and to inform other social media users of your activities. By integrating the plug-in, we give you the option to interact with other social media networkers and users, so that we can improve our online offering and make it more interesting for you as a user.

The legal basis for using plug-ins is Article 6 (1) (a) of the GDPR. Instagram has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

You have the right to object to the creation of a user profile, but you must exercise this right directly with Instagram.

You’ll find more information about the purpose and scope of data collection and processing as well as your rights within and with respect to Instagram online at instagram.com/about/legal/privacy/.

 

Section 11: Children

Our website is designed for adults. Persons under 18 years of age should not transmit any personal data without the consent of their parents or guardians.

 

 

Section 12: Rights of the Data Subject

When your personal data is processed, you as the data subject have certain rights vis-à-vis the controller (the party processing that data), as set forth in the GDPR:

  1. Right to information
  2. Right to rectification
  3. Right to restriction of processing
  4. Right to erasure
  5. Right to notification
  6. Right to data portability
  7. Right to object to processing
  8. Right to withdraw consent to processing
  9. Right not to be subject to automated decision-making
  10. Right to lodge a complaint with a supervisory authority

1. Right to information

 

  1. You may request confirmation from our controller concerning whether we are processing any of your personal data. If this is so, you may at any time request information free of charge concerning what personal data of yours we have stored, as well as the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data is not collected from you, any available information as to its source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
  1. Where personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

 

2. Right to rectification

You have the right to obtain from the controller without undue delay the rectification of your personal data should it be inaccurate or incomplete.

 

 

3. Right to restriction of processing

  1. You have the right to obtain from the controller the restriction of processing of your personal data without undue delay where one of the following applies:
    1. if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data;
    2. the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead;
    3. the controller no longer needs your personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims;
    4. you have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override your own.
  1. Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the aforementioned requirements, you shall be informed by the controller before the restriction of processing is lifted.

 

4. Right to erasure

  1. You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
    2. You withdraw consent on which the processing is based according to point Article 6 (1) (a), or Article 9 (2) (a) of the GDPR, and where there is no other legal ground for the processing;
    3. You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR;
    4. Your personal data has been unlawfully processed;
    5. Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. Your personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

Where the controller has made your personal data public and is obliged pursuant to Article 17 (1) of the GDPR to erase your personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, your personal data.

  1. The right to erasure does not apply to the extent that processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health in accordance with Article 9 (2) points (h) and (i) as well as Article 9 (3) of the GDPR;
    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    5. for the establishment, exercise or defense of legal claims.

5. Right to notification

If you have exercised your right to rectification or erasure of personal data or restriction of processing, the controller shall communicate said rectification, erasure or restriction to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request this information.

 

6. Right to data portability

  1. You have the right to receive any personal data you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:
    1. the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and
    2. the processing is carried out by automated means.
  1. In exercising your right to data portability, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
  2. The exercise of this right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  3. You as data subject may contact the controller at any time to exercise your right to data portability.

 

 

7. Right to object

  1. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
  2. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
  3. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
  4. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
  5. You may exercise your right to object at any time by contacting our Data Protection Officer directly.

 

8. Right to withdraw consent to processing

You have the right to withdraw your consent to processing your personal data at any time. Withdrawing your consent does not affect the lawfulness of any processing undertaken before you withdraw consent. You may contact our Data Protection Officer to withdraw your consent.

 

9. Automated individual decision-making, including profiling

  1. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
    1. is necessary for entering into, or performance of, a contract between you and a data controller;
    2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    3. is based on your explicit consent.
  2. These decisions may not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
  3. In the cases referred to in points (a) and (c), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
  4. You may exercise your right not to be subject to automated decision-making at any time by contacting our Data Protection Officer directly.

 

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which you lodge the complaint shall inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

Section 13: Changes to the Data Protection Policy

We reserve the right to change our data protection practices and policy to reflect any changes to the relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please check that you are reading the most current version of our Data Protection Policy.