PRIVACY POLICY


The protection of personal data is important to us. Therefore, our processing of personal data takes place in accordance with the applicable European and national legislation.

You may withdraw your consent(s) with future effect at any time. Please contact the controller according to. § 1 for this purpose. The following statement provides an overview of what kind of data is collected, how this data is used and shared, what security measures we take to protect your data, and how to obtain information about the information you provide to us.

Legal basis for the processing of personal data Inasmuch as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) EU General Data Protection Regulation (GDPR) applies as the legal basis.

The processing of personal data as required for the performance of a contract the data subject is party to shall be governed by Art. 6 para. 1 p. lit. b) GDPR as the legal basis. This also applies to processing operations required for performing pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation we are subject to, Art. 6 para. 1 sentence 1 lit. c) GDPR applies as the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests and fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 p. 1 lit. f) GDPR applies as the legal basis for processing.

Data deletion and retention period The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to apply. The retention may continue as provided for by a European or national legislator under EU regulations, laws or other regulations we are subject to. The blocking or deletion of data also takes place when the retention period prescribed by the cited standards expires, unless there is a need for further data retention for the conclusion or fulfilment of a contract.
 

§ 1 The controller and the data protection officer

(1) Name and address of the controller The controller within the meaning of the General Data Protection Regulation and national data protection laws of the member states, as well as other data protection regulations is:
 

Gudat Solutions GmbH
Kortumstr. 16
44787 Bochum Germany
Tel.: 0234-79476800
E-mail: service@gudat-solutions.com
Website: www.digitalesautohaus.de
 

(2) Name and address of the data protection officerThe data protection officer of the controller is:

Dieter Grohmann
MAHA Maschinenbau Haldenwang GmbH & Co. KG
Hoyen 20
87490 Haldenwang Germany
Tel.: 08374-585433
E-mail: dieter.grohmann@maha.de
Website: www.maha.de

§ 2 Definitions

The privacy statement is based on the terminology used by the European legislator in the adoption of the EU General Data Protection Regulation (hereinafter referred to as "the GDPR"). The privacy policy should be easy to read and understand. To ensure this, the most important terms are explained below:

(a) Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics.

(b) Data subject means any identified or identifiable natural person whose personal data is processed by the controller.

(c) Processing means any operation or series of operations performed with or without the aid of automated processes in relation to personal data, such as its collection, recording, organization, ordering, storage, adaptation or modification, reading out, querying, processing, use, disclosure by transmission, dissemination or other form of supply, comparison or linking, restriction, erasure or destruction.

d) Profiling refers to any type of automated processing of personal data, which consists in use of said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of that natural person.

e) Pseudonymisation is the processing of personal data in such a way that said data is no longer attributable to a specific data subject without additional information, provided that such additional information is kept separate and subjected to technical and organizational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.

(f) The controller is the natural or legal person, public authority, agency or other body that, alone or in concert with others, decides on the purposes and means of processing personal data. Insofar as the purposes and means of such processing are determined by European Union legislation or the laws of the Member States, the controller or the specific criteria for his designation may be prescribed under European Union or national law.

(g) The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

h) The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under European Union or national law in respect of a particular investigative order are not considered as beneficiaries.

(i) Third party means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons authorised under the direct responsibility of the controller or processor to process the personal data.

(j) Consent is any voluntary expression of will issued by the data subject unequivocally in the form of a statement or other unambiguous confirmatory act by data subjects indicating their consent to the processing of their personal data.
 

§ 3 Provision of the website and creation of log files

(1) In case of purely informative use of the website, ie if you do not wish to register with us or otherwise provide us with your information, we automatically collect the following data and information from the computer system of the computer for each website access:

a) The IP address of the user b) Information about the browser type and the version used c) The user's operating system d) The user's Internet service provider e) Date and time of access f) Websites that referred the user's system to the website ) Websites that are accessed by the user's system via our website h) Content of the page views (specific pages) i) Amount of data transferred j) Language and version of the browser software k) Search engines used) l) Names of downloaded files

The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

(2) The legal basis for the temporary storage of log files is Art. 6 para. 1 p. lit. f) GDPR.

(3) Temporary storage of the IP address by the system is necessary to

a) permit delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. b) to optimise the content of our website and advertising for it c) to ensure the functioning of our information technology systems and the technology of our website d) Supply law enforcement with information required for criminal investigations.

Storage in log files takes place to warrant correct functioning of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. No data evaluation for marketing purposes takes place in this context.

The above purposes are also justified our legitimate interest in data processing under Art. 6 para. 1 sentence 1 lit. f) GDPR.

(4) The data will be deleted as soon as is is no longer required to achieve the purpose of its collection - in this case, at the end of the usage process

For data stored in log files, this is the case after seven days at the latest. An extension of this storage period is possible. In this case, the IP addresses are deleted or anonymised, so that an assignment of the user client is no longer possible.

(5) The collection of data for the provision of the website and the storage of the data in log files is imperative for operation of the website; there is thus no right to object to such processing.


§ 4 Use of cookies

(1) This website uses so-called cookies. Cookies are small text files that are sent from a web server to your browser as soon as you visit a website, and stored locally on your device (PC, notebook, tablet, smartphone, etc.), and provides certain information to the user (ie. us). Cookies serve to make the website more customer-friendly and secure, especially by collecting usage-related information, such as Frequency of use and number of users of pages and page usage behaviour. Cookies do not harm the computer and contain no viruses.

This cookie contains a characteristic string (so-called cookie ID), which allows unique identification of the browser when the website is reopened.

(2) We also use cookies on our website to permit analysis of your browsing behaviour. The following data can be transmitted in this manner:

  • Frequency of page views
  • Use of website functions
  • Visited pages
     

(3) The legal basis for the processing of personal data using cookies is prescribed by Art. 6 para. 1 sentence 1 lit. f) GDPR.

(4) The purpose of using technically unnecessary cookies is to improve the quality of our website and its content. The analysis cookies provide us with information how the website is used, which permits us to constantly optimise our offer. This information is used if you return to the website with the same device to automatically recognise you and render navigation easier for you. The above purposes are also justified our legitimate interest in the processing of personal data under Art. 6 para. 1 lit. f) GDPR.

(5) Cookies are also stored when the browser session is terminated, and may be opened again when the page revisited. However, cookies are stored on your computer and transmitted from the device to our site. You therefore also have full control over the use of cookies. If you wish to prevent data collection by way of cookies, you can configure your browser in such a way that you are informed about the installation of cookies or generally preclude the installation of cookies or delete cookies individually via the menu under "Settings". However, note that disabling cookies may limit the functionality of this website. Session cookies are deleted automatically after leaving the website in any case.
 

§ 5 Newsletter

(1) You may subscribe to our free newsletter by granting your consent, which will keep you up to date about our current interesting offers. The advertised goods and services are designated in the declaration of consent.

We use the so-called double opt-in procedure for registration to our newsletter. This means that we will send you an e-mail to the specified e-mail address asking you to confirm that you wish to receive the newsletter. If you fail to confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. We also store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

The only requirement for sending of the newsletter is your e-mail address. The specification of further data [surname, first name] is voluntary and will be used to address you individually.

(2) The legal basis for processing of the data after registration for the newsletter by the user is in the presence of consent as per Art. 6 para. 1 sentence 1 lit. a) GDPR.

(3) The collection of the user's e-mail address is used for delivery the newsletter.

The collection of other personal data in the context of the registration process is intended to prevent misuse of the services or e-mail address used.

(4) The data will be deleted as soon as is is no longer required to achieve the purpose of its collection. Your e-mail address will therefore be saved for the duration of your subscription to the newsletter.

Any other personal data collected during the registration process will normally be deleted after a period of seven days.

(5) You may cancel delivery of our newsletter at any time and revoke your consent by clicking on the "Unsubscribe Newsletter" button in our Newsletter footer or by sending us an e-mail to service@gudat-solutions.com or to the contact details provided in the imprint.

This also allows revocation of the consent to the storage of personal data collected during the registration process.
 

§ 6 Disclosure of personal data to third parties

1. Embedded YouTube Videos
(1) We have enbedded YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. [These are all embedded in the "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. The data mentioned in paragraph 2 is only transmitted once you play the videos. We have no influence on this data transfer. By visiting the website, YouTube is notified that you have accessed the corresponding sub-page of our website.
 

The following data is transmitted in this context:

  • Device-specific information, eg. hardware used; the version of the operating system; unique device ID and information about the mobile network, including your phone number
  • Log data in the form of server logs. This includes, among other things, details of the way the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; original page; cookies that can be used to uniquely identify your browser or Google account
  • location-related information. Information about your actual location may be collected by Google.


This may include data such as your IP address, your Wi-Fi access points, or cell towers. · For more information about data collected by Google, INC, please visit https://policies.google.com/privacy?hl=en&gl=en

This disclosure takes place regardless of whether YouTube provides a user account that you are logged in to, or in the absence of a user account. When you are logged in with Google, your data will be assigned directly to your account.

(2) The legal basis for the processing of personal data of users is prescribed by Art. 6 para. 1 p. 1 lit. f) GDPR. Google also processes your personal information in the US, and has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

(3) The embedded videos serve to make the website more appealing to the user, and to improve the search engine ranking of the website with Google, and more specifically the linkage to our own produced videos. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or the customisation of its website. This evaluation particularly takes place (even for users who are not logged in) to provide relevant advertising and to inform other users of the social networks about their activities on our website.

(4) If you wish to suppress the association with your profile on YouTube, you must log out before activating the button.

(5) You have a right to object to the creation of these user profiles, which must be exercised through YouTube.

(6) Further information on the purpose and scope of the data collection and processing by YouTube can be found in the privacy policy, which also provides further information about your rights and privacy settings: https://www.google.com/intl/en/policies/privacy.


(7) Links to external websites

This website contains links to external sites. We are responsible for our own website content. We have no influence over the content on external links, and are therefore not responsible for it; in particular, we do not adopt espouse such content. If you are directed to an external site, the privacy policy provided there applies. If you notice unlawful activities or contents on this website, you please let us know. In this case, we will review the content and respond accordingly (notice and take down procedure).
 

§ 7 Contact form and e-mail contact

(1) Our website contains a form that can be used for electronic contact. Please use this option, which transmits the data entered into the input mask to us for storage.

The relevant data is:

  • Name
  • E-mail address
  • Telephone number
  • Content of the message


At the time of dispatch of the message, the following data is also stored:

  • IP address of the user
  • Date and time of the request

Your consent is obtained with reference to the present privacy policy for the processing of data in the context of the sending process.

Alternatively, you may contact us via the e-mail address provided. In this case, the personal data transmitted by e-mail will be stored.

As far as this involves information about communication channels (eg. e-mail address, telephone number), you also agree that we may contact you via this communication channel to respond to your request.

In this context, there will be no disclosure of data to third parties. The data is exclusively used for processing of the correspondence.

(2) The legal basis for the processing of data with user consent is prescribed by Art. 6 para. 1 p. lit. a) GDPR. The legal basis for the processing of data transmitted by sending of an e-mail is prescribed by Art. 6 para. 1 p. 1 lit. f) GDPR. If the e-mail contact takes place to conclude a contract, then the additional legal basis for processing is prescribed by Art. 6 para. 1 p. 1 lit. b) GDPR.

(3) The processing of the personal data from the input mask is solely used for processing of the correspondence. We will only use the data from your e-mail enquiries for the purpose provided when you contact us. In case of contact by e-mail, our response is also based on the necessary legitimate interest in the processing of such data. Any other personal data processed in the scope of sending of the message serve to prevent misuse of the contact form, and to ensure the security of our information technology systems.

(4) The data will be deleted as soon as is is no longer required to achieve the purpose of its collection. This applies to personal data from the input mask of the contact form and data sent by e-mail, once the respective conversation with the user has ended. The conversation is deemed as terminate once the circumstances show that the relevant matter has been finalised. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(5) You may revoke your consent to the processing of your personal data at any time. You may object to the storage of your personal data by contacting us by e-mail at any time. In this case, the correspondence cannot continue. For revocation of the consent/objection to said storage we ask you to contact the processor or data protection officer according to § 1 by e-mail or by post. All personal data stored in the course of our correspondence with you will be deleted in this case.

 

§ 8 Web traffic analysis by Google Analytics (with pseudonymisation)

(1) We use the service of Google Inc. on our website (Google Inc., 1600 Amphitheater Parkway Monutain View, CA 94043, USA) to analyse the browsing behaviour of our users. The software installs a cookie on your computer (for cookies, see above). The following data is stored when you view individual pages of our website:

a) Two bytes of the IP address of the user's system b) The web page visited c) Entry pages, exit pages d) The duration of stay on the website and the cancellation rate e) The frequency of viewing the webpages f) Country of origin and regional origin, language, browser, operating system, screen resolution, Flash or Java usage g) Search engines and search terms used

The information about the use of this website by the user generated by the cookie are usually transmitted to a Google server in the USA and stored there.

This website uses Google Analytics with the extension "_anonymizeIp ()". The software is configured in such a way that the IP addresses are not saved completely, but rather only in abbreviated form. In this way, an assignment of the abbreviated IP address to the user's device is no longer possible. The full IP address is only sent to a Google server in the US and abbreviated there in exceptional cases. However, the IP address provided by Google Analytics in the scope of Google Analytics will not be merged with other Google data.

(2) The legal basis for the processing of personal data is prescribed by Art. 6 para. 1 sentence 1 lit. f) GDPR. The exceptional cases when personal Information is transferred to the US are covered by the EU-US Privacy Shield, which Google has signed up to. https://www.privacyshield.gov/EU-US Framework.

(3) Google will use this information to evaluate your use of the website and to compile reports on website activity on our behalf. Our evaluation of the data obtained permits us to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. The above purposes are also justified our legitimate interest in the processing of data under Art. 6 para. 1 lit. f) GDPR. The anonymisation of the IP address sufficiently considers the users' interest of in their protection of personal data.

(4) The data will be deleted as soon as it is no longer required for our recording purposes. In our case, the relevant period is 14 months.

(5) The cookies used are stored on your computer and transmitted to our site. If you disagree with the collection and analysis of the usage data, you can prevent it by configuring your browser software by deactivating or restricting the use of cookies. Previously saved cookies may be deleted at any time. However, in this case you may not be able to use all features of this website in full.

You may also prevent the collection of the data generated by the cookie related to your use of our website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. The current link is: "http://tools.google.com/dlpage/gaoptout?hl=de."

(3) The third party providers is Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For more information, see the terms of use at http://www.google.com.com/analytics/terms/de.html, the privacy statement at http://www.google.com/intl/de/analytics/learn/privacy.html and the privacy policy at http://www.google.com.de/intl/de/policies/privacy.

 

§ 9 Social media plugins

1. Facebook

(1) This website uses social plug-ins by the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA). This plugin allows you to bookmark these pages on this website and share them with other social network users. This plugin is labelled with the Facebook logo or the typical "like button". Find an overview of the Facebook plugins at http://developers.facebook.com/docs/plugins/.

(2) We use the so-called two-click solution. This means that no personal data is initially passed on to Facebook when you visit our site. We provide you with an opportunity to communicate directly with Facebook using the button. Facebook only receives the information that you have viewed the relevant Website of our on-line offering if you click on the marked field, thereby activating it.

The data transfer takes place regardless of whether you have an account with Facebook and are logged in.

a) If you click on the Facebook "Like-Button" while you are logged into your Facebook account, the contents of these pages may also be linked to your Facebook profile. In this case, Facebook can also allocate your visit to these pages to your user account. If you press the activated button and eg. link to this page, Facebook also stores this information in your user account, and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, since this will prevent allocation of your activity to your profile. b) If you are not a member of Facebook, or if you have logged out before visiting this page, Facebook may nonetheless discover and save your IP address. If you do not wish that Facebook allocates your visit to our pages to your Facebook user account, you must log out of Facebook prior to visiting our website or refrain from activating the plug-in.

The following data is transmitted to Facebook in any case:

  • Browser-related data such as IP address, browser type, operating system, time and date of the request, visited website
  • User ID (If you have a Facebook account)

According to Facebook, the IP addresses are anonymised immediately after collection in Germany. By activating the plugin, personal data is transmitted to Facebook and stored in the US. Since Facebook conducts the data collection (in particular via cookies), we recommend that you delete all cookies prior to clicking on the greyed out box via the security settings of your browser.

(3) We have no influence on the data collection and processing operations, nor are we aware of the full scope of the data collection, the purpose of the processing or the retention periods. We also have no information regarding the deletion of data collected by Facebook.

(4) Facebook stores your data as usage profiles and uses them for purposes of advertising, market research and/or the customisation of its website. This evaluation particularly takes place (even for users who are not logged in) to show relevant advertising and to inform other users of the social networks about their activities on our website. The plugins provide you with an opportunity to interact with the social networks and other users, which permits us to improve our offer and make it more interesting to you as a user.

(5) The legal basis for the use of the plugins is prescribed by Art. 6 para. 1 sentence 1 lit. a DS-GMO. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

(6) You have a right to object to the creation of these user profiles, which must be exercised through Facebook.

(7) The configuration of and objections to the use of data for advertising purposes are possible within the Facebook profile settings at https://www.facebook.com/settings?tap=ads. For more information on the purpose and scope of the data collection and processing, as well as your rights in respect of Facebook, please visit http://www.facebook.com/policy.php, http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

2. Google+1

(1) We use the Google + 1 social plugins by Google Inc. on our website (Google Inc., 1600 Amphitheatre Parkway Monutain View, CA 94043, USA). This plugin allows you to bookmark these pages on this website and share them with other social network users. The plugin is labelled with the symbol "+1". Find an overview of Google's plug-ins and their appearance here: https://developers.google.com/+/web/.

(2) We use the so-called two-click solution. This means that no personal data is initially passed on to Google when you visit our site. We provide you with an opportunity to communicate directly with Google using the button. Google will only receive the information that you have accessed the corresponding website of our online service once you click on the highlighted field and activate it.

If you click on the "+1 button" while you are logged into your Google account, the contents of these pages may also be linked to your Google profile. In this case, Google can also associate the visit to these pages with your user account. If you press the activated button and eg. link to this page, Google also stores this information in your user account, and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, since this will prevent allocation of your activity to your profile.

The following data are generally transmitted in this manner:

  • Device-specific information, eg. hardware used; version of the operating system; unique device ID and information about the mobile network, including your phone number
  • Log data in the form of server logs. This includes, among other things, details of the way the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; original page; cookies that can be used to uniquely identify your browser or Google account
  • location-related information. Information about your actual location may be collected by Google. This may include data such as your IP address, your Wi-Fi access points, or cell towers. · For more information about data collected by Google, INC, please visit https://policies.google.com/privacy?hl=en&gl=en
     

By activating the plugin, personal data is transmitted to Google and stored in the US. Since Google conducts the data collection (in particular via cookies), we recommend that you delete all cookies prior to clicking on the greyed out box via the security settings of your browser.

(3) We have no influence on the data collection and processing operations, nor are we aware of the full scope of the data collection, the purpose of the processing or the retention periods. We also have no information regarding the deletion of data collected by Facebook.

(4) Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or the customisation of its website, as well as disclosure to partner companies as necessary. This evaluation particularly takes place (even for users who are not logged in) to show relevant advertising and to inform other users of the social networks about their activities on our website. The plugins provide you with an opportunity to interact with the social networks and other users, which permits us to improve our offer and make it more interesting to you as a user.

(5) The legal basis for the use of the plugins is prescribed by Art. 6 para. 1 sentence 1 lit. f DS-GMO. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

(6) You have a right to object to the creation of these user profiles, which must be exercised through Google.

For more information on the purpose and scope of the data collection and processing, as well as your rights in respect of Google, please visit https://www.google.com/policies/privacy/partners/?hl=de.
 

3. Twitter

(1) This website uses the features of the service Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the "re-Tweet" button, you can follow a post or page on Twitter, or link the pages you visit to your Twitter account and share them with other users. This plugin is labelled with a "re-Tweet" button or the typical blue birdie. Find an overview of the Twitter buttons and their appearance here: https://twitter.com/about/resources/buttons

(2) We use the so-called two-click solution. This means that no personal data is initially passed on to Twitter when you visit our site. We provide you with an opportunity to communicate directly with Twitter using the button. Twitter will only receive the information that you have accessed the corresponding website of our online service once you click on the highlighted field and activate it.

If you click on the Twitter button while you are logged into your Twitter account, the contents of these pages may also be linked to your Twitter profile. In this case, Twitter can also associate the visit to these pages with your user account. If you press the activated button and eg. link to this page, Twitter also stores this information in your user account, and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, since this will prevent allocation of your activity to your profile.

The following data are generally transmitted to Twitter in this manner:

  • IP address, browser type, date and time of access, referring page, operating system, screen resolution
  • Association this data with your account data of the social media operator
     

By activating the plugin, personal data is transmitted to Twitter and stored in the US.

(3) We have no influence on the data collection and processing operations, nor are we aware of the full scope of the data collection, the purpose of the processing or the retention periods. We also have no information regarding the deletion of data collected by Twitter.

(4) Twitter stores your data as usage profiles and uses them for purposes of advertising, market research and/or the customisation of its website. This evaluation particularly takes place to show relevant advertising and to inform other users of the social networks about their activities on our website. The plugins provide you with an opportunity to interact with the social networks and other users, which permits us to improve our offer and make it more interesting to you as a user.

(5) The legal basis for the use of the plugins is prescribed by Art. 6 para. 1 sentence 1 lit. a DS-GMO. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(6) You have a right to object to the creation of these user profiles, which must be exercised through Twitter.

For more information on the purpose and scope of the data collection and processing, as well as your rights in respect of Twitter, please visit https://twitter.com/privacy. You can change your privacy settings on Twitter at http://twitter.com/account/settings at any time.

4. Instagram

(1) We use the social plugins of the social network Instagram by Instagram Inc. on our website (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). This plugin allows you to bookmark these pages on this website and share them with other social network users. The plugin is labelled with a square camera or the word "Instagram".

(2) We use the so-called two-click solution. This means that no personal data is initially passed on to Instagram when you visit our site. We provide you with an opportunity to communicate directly with Instagram using the button. Instagram will only receive the information that you have accessed the corresponding website of our online service once you click on the highlighted field and activate it.

The data transfer takes place regardless of whether you have an account with Facebook and are logged in.

a) If you click on the Instagram button while you are logged into your Instagram account, the contents of these pages may also be linked to your Instagram profile. In this case, Instagram can also associate the visit to these pages with your user account. If you press the activated button and eg. link to this page, Instagram also stores this information in your user account, and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, since this will prevent allocation of your activity to your profile. b) If you are not a member of Instagram, or if you have logged out before visiting this page, Instagram may nonetheless discover and save your IP address. If you do not wish that Instagram allocates your visit to our pages to your Instagram user account, you must log out of Instagram prior to visiting our website or refrain from activating the plug-in.
 

 The following data is transmitted to Instagram in any case:

  • IP address, browser type, date and time of access, referring page, operating system, screen resolution
  • Association this data with your account data of the social media operator

By activating the plugin, personal data is transmitted to Instagram and stored in the US.

(3) We have no influence on the data collection and processing operations, nor are we aware of the full scope of the data collection, the purpose of the processing or the retention periods. We also have no information regarding the deletion of data collected by Instagram.

(4) Instagram stores your data as usage profiles and uses them for purposes of advertising, market research and/or the customisation of its website. This evaluation particularly takes place (even for users who are not logged in) to show relevant advertising and to inform other users of the social networks about their activities on our website. The plugins provide you with an opportunity to interact with the social networks and other users, which permits us to improve our offer and make it more interesting to you as a user.

(5) The legal basis for the use of the plugins is prescribed by Art. 6 para. 1 sentence 1 lit. a) GDPR.

(6) You have a right to object to the creation of these user profiles, which must be exercised through Instagram.

For more information on the purpose and scope of the data collection and processing, as well as your rights in respect of Instagram, please visit http://instagram.com/about/legal/privacy/.

 

§ 10 Rights of the data subject

If your personal data is processed, you are a data subject in the sense of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right to information
2. Right to rectification
3. Right to restriction of processing
4. Right to deletion
5. Right to notice
6. Right to data portability
7. Right to object to processing
8. Right to revoke the data processing consent
9. Right not to be subject to an automated decision
10. Right to complain to a supervisory authority


1. Right to information
(1) You may request a confirmation from the controller whether personal data concerning you is processed by us. If such processing is required, you may request the personal data stored about you as well as the following information from the controller free of charge:
 

(a) the purposes for which the personal data is processed,
(b) the categories of personal data that is processed,
(c) the recipients or categories of recipients to whom the personal data relating to them have been or will be disclosed;
(d) the planned duration of the storage of personal data concerning you, or, if specific information is not available, criteria for determining the duration of storage,
(e) the right to rectify or erase the personal data concerning you, a right of limitation of the personal data
(f) information of the right of appeal to a supervisory authority
(g) any information available on the source of the data, if the personal data are not collected from the data subject
(h) the presence of automated decision-making including profiling according to Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

(2) You have the right to request information whether the personal data concerning you are transmitted to a third country or an international organisation. In this context, you may request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission to be informed.

2. Right of rectification
You have a right to immediate correction and/or completion vis-à-vis the controller, if your personal data processed by us is inaccurate or incomplete.

3. Right to restriction of processing
(1) Under the following conditions, you may request the immediate restriction of the processing of the personal data concerning you from the controller:

(a) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of the personal data,
(b) the processing is unlawful and you refuse to delete the personal data, and elect to restrict the use of the personal data instead
(c) the controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(d) if you object to processing in accordance with Art. 21 para. 1 GDPR, and it has not yet been determined whether the legitimate reasons of the controller outweigh the reasons for their decision.

(2) If the processing of personal data relating to you has been restricted, such data may be stored only with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for the purposes of vital public interests of the European Union or of a member state. If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion
(1) You may require the controller to delete the personal data concerning you without delay, if any of the following applies:
 

a) The personal data relating to you is no longer required for the purposes for which they were collected or otherwise processed.
(b) You revoke your consent to the processing in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.
(c) You object to processing in accordance with Art. 21 para. 1 GDPR, and there are no important justifiable reasons for the processing, or you object to processing in accordance with Art. 21 para. 2 GDPR.
(d) The personal data relating to you has been unlawfully processed.
(e) The deletion of personal data concerning you is required to fulfil a legal obligation under European Union or national law, which the controller is subject to.
(f) The personal data relating to you was provided in respect of information society services offered under Art. 8 para. 1 GDPR.

(2) If the controller has disclosed the personal data relating to you public and is committed to their deletion in accordance with Art. 17 para. 1 GDPR, the controller is to take appropriate measures, including technical means, to notify any data controllers processing the personal data that you as the concerned data subject, have requested the deletion of any links to such personal data or copies or replications of such personal data under consideration of available technology and implementation costs.

(3) The right to deletion does not apply if the processing is necessary

(a) to exercise the right to freedom of expression and information;
(b) to fulfil a legal obligation that requires processing in accordance with the laws of the European Union or of the member states which the controller is subject to, or to carry out a task of public interest or in the exercise of public authority delegated to the controller
(c) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i, as well as Art. 9 para. 3 GDPR;
(d) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously prejudice the achievement of the objectives of such processing, or to assert, pursue or defend legal claims.

5. Right of notification
If you have asserted the right of rectification, erasure or restriction of the processing vis-à-vis the controller, he is obliged to notify all recipients to whom your personal data has been disclosed of this correction/erasure/restriction of processing unless this proves impossible or is associated with disproportionate effort. You are entitled to be informed of the recipients by the controller.

6. Right to data portability
(1) You have the right to receive the personal data concerning you from the controller in a structured, common and machine-readable format. You also have the right to transfer this information to another controller without hindrance by the controller whom the personal data was provided to, insofar as

a) the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
b) the processing is carried out using automated procedures.
 

(2) In exercising this right, you also have the right to have the personal data relating to you directly from one controller to another, insofar as this is technically feasible. The rights and freedoms of third persons must not be affected in doing so.

(3) The right to data portability does not apply to the processing of personal data required for the performance of tasks in the public interest or in the exercise of official authority delegated to the controller.

(4) In order to assert the right to data portability, the data subject may contact the controller at any time.

7. Right of objection (1) You have the right to prevent the processing of personal data relating to you for reasons arising from your particular situation at any time, which takes place pursuant to Art. 6 para. 1 lit. e or f GDPR at any time; this also applies to profiling based on these provisions.

(2) The controller has ceased to process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for such processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

(3) If the personal data relating to you is processed for direct mail purposes, you have the right to object to the processing of your personal data for the purposes of such advertising at any time; this also applies to profiling insofar as it is associated with such direct mail. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

(4) Regardless of Directive 2002/58/EC, you have the option of exercising your right to opt-out on processing by means of automated procedures that use technical specifications in the context of the use of information society services.

(5) In order to exercise the right of opposition, the data subject may directly contact the controller.

8. Right to revocation of the data protection consent form
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. You can contact the controller for this purpose.
 

9. Automated decision-making on a case-by-case basis, including profiling
(1) You have the right not to be subject to decision-making based solely on automated processing - including profiling - with significant legal or similar effects on you. This does not apply if the decision
 
(a) is necessary for the conclusion or performance of a contract between you and the controller; (b) is permitted by Union or member state legislation which the controller is subject to, and insofar as that legislation is adequate to safeguard your rights and freedoms and your legitimate interests or c) takes place with your express consent.

(2) However, these decisions may not be limited to specific categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g DSGVO applies, and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

(3) In respect of the cases referred to in (1) and (3), the controller is to take reasonable measures to safeguard the rights and freedoms, as well as their legitimate interests, including at least the right to obtain the intervention of a person representing the controller by presentation of your own position, and to challenge the decision.

(4) If the data subject wishes to exercise his rights in relation to automated decision-making, he may contact the controller at any time.

10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of alleged infringement, if you consider that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcomes of the complaint, including the possibility of a judicial remedy as per Art. 78 GDPR.

§ 11 Changes to the privacy policy

We reserve the right to modify our privacy practices and this policy to adapt it to changes in relevant laws or regulations, or to better serve your needs. Any changes to our privacy practices will be announced accordingly. Please note the current version date of the privacy policy in this respect.

The protection of personal data is very important to us. Therefore, our processing of personal data takes place in accordance with the applicable European and national legislation.