Schaller & Groh GbR
Leimitzer Straße 26
95028, Hof, Germany
E-mail address: email@example.com
Link to the imprint: https://manurefetish.com/imprint/
types of data processed
– inventory data (e.g., personal master data, names or addresses).
– Contact data (e.g., e-mail, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
categories of affected persons
visitors and users of the online service (in the following we will refer to the affected persons collectively as “users”).
purpose of processing
– Provision of the online offer, its functions and contents.
– Answering contact questions and communicating with users.
– Safety measures.
– Range measurement/Marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is any person who, directly or indirectly, in particular by means of association with an identifier such as a name, an identification number, location data, an online identifier (e.g., a name, an address, a telephone number, an e-mail address, an e-mail address, an e-mail address, a telephone number, an e-mail address, a telephone number, etc.) is identified as a natural person.B. Cookie) or to one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“processing’ means any operation or set of operations which is carried out with or without the aid of automated processes and which involves personal data. The term reaches far and encompasses practically every handling of data.
“pseudonymisation’ means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
“profiling’ means any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.
controller” means any natural or legal person, public authority, agency or body which alone or jointly with others determines the purposes and means of the processing of personal data.
“processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal basis
In accordance with art. 13 DSGVO we inform you about the legal basis of our data processing. The following applies to users from the scope of the Basic Data Protection Regulation (DSGVO), i.e. the EU and the EEC, unless the legal basis is mentioned in the data protection declaration:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;
The legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b DSGVO;
The legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller is Art. 6 para. 1 lit. e DSGVO.
The legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 (4) DSGVO.
The processing of special categories of data (pursuant to Art. 9 para. 1 DSGVO) is governed by the provisions of Art. 9 para. 2 DSGVO.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, extent, circumstances and purposes of the processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure that data subjects’ rights are exercised, that data is deleted and that we react to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with contract processors, jointly responsible persons and third parties
If we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g.B. if a transfer of data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis corresponding to the legal requirements.
Transmissions to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if we do so as part of the use of third-party services or disclosure, or If data is transferred to other persons or companies, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or allow the data to be processed only in third countries with a recognised level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as contractual obligations under so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission).
rights of the data subjects
right of access: You have the right to request confirmation as to whether data concerned are processed and to request information about these data as well as further information and copy of the data in accordance with the legal requirements.
Right of rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the inaccurate data concerning you.
Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that the data concerned be deleted immediately or, alternatively, to demand a limitation of processing of the data in accordance with the statutory provisions.
Right to data transfer: You have the right to receive the data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to demand its transfer to another responsible party.
Complaints to the supervisory authority: You also have the right to submit a complaint to the competent supervisory authority in accordance with the statutory provisions.
right of withdrawal
You have the right to revoke your consent with effect for the future.
Right of objection
Right of objection: You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation, which takes place on the basis of Art. 6 Para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
Cookies and right of objection in the case of direct advertising
“Cookies” are small files that are stored on the computers of users. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. Third-Party-Cookie” are cookies that are offered by providers other than the person responsible for the online service (otherwise, if they are only their cookies, we speak of “First-Party Cookies”).
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
The data processed by us will be deleted in accordance with legal requirements or their processing will be restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data which must be stored for reasons of commercial or tax law.
changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Order processing in the online shop and customer account
We process the data of our customers in the context of the order processes in our online shop, in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
Processing is carried out to fulfil our services and carry out contractual measures (e.g. carrying out order transactions) and insofar as it is required by law (e.g. legally required archiving of business transactions for trade and tax purposes). The information marked as necessary is required to substantiate and fulfil the contract. We only disclose the data to third parties within the scope of delivery, payment or within the scope of the statutory permits and obligations, and also if this is done on the basis of our legitimate interests, about which we inform you in the context of this data protection declaration (e.g., to legal and tax consultants, financial institutions, freight companies and authorities).
Users can optionally create a user account by viewing their orders in particular. Within the framework of registration, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its retention is necessary for commercial or tax reasons. Information in the customer account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (e.g., in the case of litigation). It is the responsibility of the users to secure their data before the end of the contract in the event of termination.
Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our legal requirements as a justified interest or there is a legal obligation to do so.
The deletion takes place after the expiry of statutory warranty and other contractual rights or obligations (e.g, The necessity of data retention is reviewed every three years; in the case of data retention due to statutory archiving obligations, deletion shall take place after their expiration.
External payment service providers
We use external payment service providers whose platforms users and we can use to carry out payment transactions. These payment service providers may include, each with a link to the data protection declaration: NetDebit https://www.netdebit-payment.de/go/datenschutz/privacy_customer), Inet-Cash (https://www.inet-cash.com/static/newic/pdf/ic_privacy_en.pdf) Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/legal/data protection-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html), Stripe (https://stripe.com/de/privacy).
Within the framework of the performance of contracts, we set payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f. of the German Stock Corporation Act (AktG). DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data such as name and address, bank data such as account or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient details. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information with confirmation or negative information about the payment. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and data protection information of the payment service provider.
Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We refer to these also for the purpose of further information and assertion of revocation, information and other rights concerned.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process within the framework of the provision of our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The cancellation of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, organisers and other business partners, e.g. for the purpose of establishing contact at a later date. The majority of this data, which is related to the company, is stored permanently by us.
Business analyses and market research
In order to be able to run our business economically, to recognise market trends, the wishes of contractual partners and users, we analyse the data available to us on business transactions, contracts, enquiries, etc., in order to be able to identify the most suitable and appropriate solutions. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the persons concerned include contractual partners, interested parties, customers, visitors and users of our online service.
The analyses are carried out for the purpose of economic evaluations, marketing and market research. We can take into account the profiles of registered users with information, e.g. on the services they have used. The analyses help us to increase user-friendliness, to optimise our range of products and services and to improve business efficiency. The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with summarized values.
If these analyses or profiles are person-related, they will be deleted or anonymised upon termination by the user, otherwise after two years from the conclusion of the contract. In addition, the macroeconomic analyses and general trend definitions are prepared anonymously where possible.
Privacy notices in the application process
The application process requires that applicants provide us with the data required for their assessment and selection. Which information is required can be found in the job description or, in the case of online forms, in the information given there.
In principle, the required information includes personal information such as name, address, a contact option and proof of the qualifications required for a job. Upon request, we will also be happy to provide you with additional information.
If made available, applicants can submit their applications via an online form. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the application between the sender and the reception on our server. Applicants are welcome to contact us for the method of submitting their application or to send us their application by post.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, to which applicants are entitled at any time. Subject to a justified revocation by the applicant, the deletion will take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our duty of proof under the regulations on equal treatment of applicants. Invoices for any travel expense reimbursement are archived in accordance with the tax regulations.
The applicant’s data are processed on the basis of Art. 6 Para. 1 S. 1 lit. b DSGVO (application procedure as pre-contractual or contractual relationship). If special categories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can exercise his/her rights arising from labour law and social security and social protection law and fulfil his/her duties in this regard, their processing shall be carried out in accordance with Art. 9 para. 2 lit. b. DSGVO, in the case of the protection of vital interests of applicants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 Para. 2 lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. DSGVO.
In the case of the processing of applicant data in Germany, §§ 22, 26 BDSG.) also apply.
Users can create a user account. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration will be used for the purposes of using the user account and its purpose.
Users may be informed by e-mail of information relevant to their user account, such as technical changes. If users have terminated their user account, their data will be deleted with regard to the user account, subject to a statutory retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to art. 6 para. 1 lit. c. DSGVO. The IP addresses will be anonymized or deleted after 7 days at the latest.
comments and contributions
If users leave comments or other contributions, their IP addresses may be used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO for 7 days. This is done for our safety, if someone leaves illegal contents (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the author’s identity.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, to process the information provided by users for the purpose of spam detection.
The personal information provided in the course of comments and contributions, any contact and website information as well as the content information will be stored permanently by us until the user objects.
The follow-up comments can be subscribed by users with their consent according to art. 6 para. 1 lit. a DSGVO. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from current comment subscriptions at any time. The confirmation email will contain information on the cancellation options. For the purposes of proving users’ consent, we store the time of registration along with the users’ IP address and delete this information when users unsubscribe.
You can cancel the receipt of our subscription at any time, i.e. revoke your consent. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that at the same time the former existence of a consent is confirmed.
h3 id=”dsg-gravatar”>Retrieval of profile pictures with Gravatar
We use the service Gravatar of Automattic Inc. within our on-line offer and in particular in the Blog, 60 29th Street #343, San Francisco, CA 94110, USA, a.
Gravatar is a service where users can register and store profile pictures and their e-mail addresses. If users leave contributions or comments with the respective e-mail address on other online presences (especially in blogs), their profile pictures can be displayed next to the contributions or comments. For this purpose, the e-mail address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the only purpose of transmitting the email address and it will not be used for other purposes, but deleted thereafter.
The use of Gravatar is based on our legitimate interests in the sense of Art. 6 Para. 1 lit. f) DSGVO, as we offer with the help of Gravatar the possibility to the authors of contributions and commentaries to personalize their contributions with a profile picture.
If users do not want a user image linked to their e-mail address to appear in the comments at Gravatar, they should use an e-mail address which is not stored at Gravatar for commenting. We would also like to point out that it is also possible to use an anonymous e-mail address or no e-mail address at all if users do not wish their own e-mail address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.
retrieve emojis and smilies
The use of the Emojis is based on our legitimate interests, i.e. interest in an attractive design of our online offer according to Art. 6 Para. 1 lit. f. DSGVO.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details will be used to process the contact request and its processing in accordance with Art. 6 Para. 1 lit. b. (within the framework of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) DSGVO processed… The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We will delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Communication via WhatsApp-Messenger
We use the WhatsApp-Messenger for communication purposes and ask you to note the following information about the functionality, encryption, risks of WhatsApp, use of metadata within the Facebook group of companies and your possibilities to object.
You do not need to use WhatsApp and can contact us by alternative means, such as telephone or e-mail. Please use the contact information provided to you or the contact information on our website.
WhatsApp (WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA) is a U.S. service, which means that the information you submit via WhatsApp may first be transferred to WhatsApp in the United States before it is sent to us.
However, WhatsApp is certified under the Privacy Shield Agreement and therefore warrants to comply with European and Swiss privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active).
WhatsApp also warrants that the communication content (i.e., the content of your message and attached images) will be encrypted end-to-end. This means that the content of the messages is not viewable, not even by WhatsApp itself. You should always use the latest version of WhatsApp to ensure that the message content is encrypted.
However, we would like to point out to our communication partners that WhatsApp may not see the content, but may know that and when communication partners are communicating with us and may process technical information about the communication partner’s device used and, depending on their device settings, location information (metadata). With the exception of the encrypted content, it is possible to transmit the data of the communication partners within the Facebook group of companies, in particular for the purpose of optimising the respective services and for security purposes. Also, communication partners should assume, at least until they have objected, that their data processed by WhatsApp can be used for marketing purposes or to display advertisements tailored to users.
If we ask communication partners for their consent before communicating with them via WhatsApp, the legal basis for our processing of their data is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, if we do not ask for your consent and you contact us, for example, voluntarily, we will use WhatsApp in our relationship with our contractual partners and as part of the contract initiation as a contractual measure under Art. 6 Para. 1 lit. b. DSGVO and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and fulfilment of the needs of our communication partners in communication via messengers pursuant to Art. 6 para. 1 lit. f. DSGVO.
For more information about the purposes, types, and extent of WhatsApp’s processing of your information, and about WhatsApp’s privacy rights and settings, please see WhatsApp’s Privacy Notice: https://www.whatsapp.com/legal.
You may object to communication with us via WhatsApp at any time. In the case of subscribing to messages (also known as “broadcasts”) through WhatsApp, you may delete our appropriate telephone number from their contacts and request us to remove your contact from our directory. For ongoing individual requests or communications, you may also ask us not to continue communication through WhatsApp and to delete the communication content.
In the case of communication via WhatsApp, we will delete the WhatsApp messages as soon as we can assume that we have responded to any user information, if no reference to a previous conversation is to be expected and if there are no legal obligations to retain data to prevent the deletion.
Furthermore, we would like to point out that we do not transmit the contact data provided to us to WhatsApp without your consent (e.g. by contacting you via WhatsApp).
Finally, we would like to point out that for security reasons, we reserve the right not to respond to inquiries about WhatsApp. This is the case if, for example, internal contractual matters require special secrecy or if an answer via Messenger does not meet the formal requirements. In such cases we refer you to more appropriate communication channels.
Communication via Facebook-Messenger
We use the Facebook-Messenger for communication purposes and ask you to note the following information about the functionality, encryption, risks of the Facebook-Messenger, use of the metadata within the Facebook group of companies and your possibilities of objection.
You do not have to use the Facebook Messenger and can contact us by alternative means, e.g. by phone or e-mail. Please use the contact information provided to you or the contact information on our website.
The Facebook Messenger is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby the data entered and otherwise collected in the context of the communication are processed in the USA by Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA.
However, Facebook is certified under the Privacy Shield Agreement and therefore warrants to comply with European and Swiss privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Facebook also warrants that the communication content (i.e. the content of your message and attached images) will not be read and offers end-to-end encryption of the content. This means that the content of the messages is not visible, not even through Facebook itself. However, end-to-end encryption requires activation, which you must activate in your Messenger settings using the “Secret Conversations” menu item. You should always use the latest version of Facebook Messenger to ensure that message content is encrypted.
We would like to point out to our communication partners that even if encryption is activated, Facebook can find out that and when communication partners communicate with us and process technical information about the communication partner’s device used and, depending on the settings of their device, also location information (so-called metadata). With the exception of the encrypted content, it is possible to transmit the data of the communication partners within the Facebook group of companies, in particular for the purpose of optimising the respective services and for security purposes. Also, communication partners should assume, at least as long as they have not objected, that their data processed by the Facebook Messenger can be used for marketing purposes or to display advertisements tailored to users.
If we ask communication partners for their consent before communicating with them via the Facebook Messenger, the legal basis for our processing of their data is Art. 6 para. 1 lit. a. DSGVO. Otherwise, if we do not ask for your consent and you contact us, for example, voluntarily, we will use WhatsApp in our relationship with our contractual partners and as part of the contract initiation as a contractual measure under Art. 6 Para. 1 lit. b. DSGVO and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and fulfilment of the needs of our communication partners in communication via messengers pursuant to Art. 6 para. 1 lit. f. DSGVO.
You can object to communication with us via Facebook Messenger at any time and request us not to continue communication via the Facebook Messenger and to delete the communication content. We delete Facebook messages as soon as we can assume that we have answered any information provided by the user, if no reference to a previous conversation is to be expected and there are no legal obligations to retain data to prevent the deletion.
Finally, we would like to point out that for reasons of your security, we reserve the right not to respond to enquiries via the Facebook Messenger. This is the case if, for example, internal contractual matters require special secrecy or if an answer via Messenger does not meet the formal requirements. In such cases we refer you to more appropriate communication channels.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt and procedures described above.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.
Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the Versanddienstleister are logged.
Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally we ask you to enter a name in the newsletter for the purpose of a personal address.
The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on our legitimate interests in direct marketing pursuant to Art. 6 para. 1 as per f. DSGVO in conjunction with § Section 7 (3) UWG.
The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is in the use of a user-friendly and secure newsletter system that serves our business interests, meets users’ expectations and allows us to provide evidence of consent.
Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.
Newsletter – Mailchimp
The dispatch service provider can use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, the mail-order company does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Hosting and e-mail dispatch
The hosting services we make use of serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of an order processing contract).
collection of access data and logfiles
We, resp. our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data about each access to the server on which this service is located (so-called server log files). Access data includes the name of the website accessed, the file, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud actions) for the duration of maximally 7 days and deleted afterwards. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.
Content-Delivery-Network of Cloudflare
We use a Content Delivery Network (CDN), offered by Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield Agreement and thus provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
A CDN is a service with the help of which contents of our online offer, especially large media files such as graphics or scripts, can be delivered faster with the help of regionally distributed servers connected via the Internet. The processing of user data is carried out solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
The use takes place on the basis of our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online offer in accordance with Art. 6 Para. 1 letter f. DSGVO.
Google Tag Manager
Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
If we ask the users for their consent (e.g. in the context of a cookie agreement), the legal basis for this processing is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, the personal data of the user will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO) processed.
Where data is processed in the United States, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby warrants compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The personal data of the users are deleted or anonymized after 14 months.
Jetpack (WordPress Stats)
We use the Plugin Jetpack (here the sub-function “WordPress Stats”), which includes a tool for statistical evaluation of visitor access and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
If we ask the users for their consent (e.g. in the context of a cookie agreement), the legal basis for this processing is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, the personal data of the user will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO).
Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services.
We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users’ rights. With respect to US vendors certified under the Privacy Shield, we would like to point out that they are committed to complying with EU privacy standards.
Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users’ personal data is carried out on the basis of our legitimate interests in effective information for users and communication with users pursuant to Art. 6 Para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 DSGVO.
For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.
– Facebook, -Pages, -Groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of a Agreement on the joint processing of personal data – Privacy Statement: https://www.facebook.com/about/privacy/, specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Statement / Opt-Out: http://instagram.com/about/legal/privacy/.
– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Statement / Opt-Out: https://about.pinterest.com/de/privacy-policy.
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Statement https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Statement / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
– Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Privacy Statement / Opt-Out: https://wakelet.com/privacy.html.
Integration of services and contents of third parties
We set within our on-line offer on basis of our entitled interests (i.e. interest in the analysis, optimization and economical enterprise of our on-line offer in the sense of the art. 6 exp. 1 lit. f. DSGVO) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the user, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
Use of Facebook Social Plugins
We use our online content on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online content in the sense of Art. 6 para. 1 lit. f. DSGVO) Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online service within Facebook. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thus provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls a function of this online service that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offer by the user. User profiles can be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, e.g. by clicking the Like button or commenting, the corresponding information is transferred directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to know and store their IP address. According to Facebook, only one anonymous IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect information about him or her via this online service and link it to his or her Facebook member data, he or she must log out of Facebook and delete cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Within our online offer, functions and contents of the Twitter service, offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online service within Twitter.
Within our online offer functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Instagram. If the users are members of the Instagram platform, Instagram can assign the call of the above contents and functions to the profiles of the users there. Instagram Privacy Statement: http://instagram.com/about/legal/privacy/.