With the following data protection declaration, we would like to inform you about what types of your personal data (also referred to as “data” for short) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
Data privacy and data security during the use of our website are a matter of course for us. Therefore, we would like to inform you below about which of your personal data we collect while you visit our website and for what purposes they are used.
The terms used are not gender specific.
Version: 06. April 2022
Personal data is information that may be used to find out personal or factual characteristics about you (e.g. name, address, telephone number, date of birth or email address). Information with which we cannot create a link (or can only do so with disproportionate effort) to you personally, e.g. via anonymisation of information, is not personal data.
You can visit our webpages without informing us about who you are and without stating to us any corresponding personal data (e.g. names, address, telephone number or email address), unless you provide them to us voluntarily or the corresponding legal provisions on the protection of your data allow this.
We will collect, process and use the personal data provided by you online only for the purposes stated to you.
Some data that we may collect about you is necessary in order for us to:
– provide you with the services you desire;
– perform our contracts with you;
– comply with legal provisions (e.g. billing).
If we directly collect data from you, we may ask for your permission and clearly label mandatory information (e.g. with a star [*]). Any other details without a star will be provided by you voluntarily.
The legal basis for the processing of your data may be the following:
– your consent to data use in accordance with Art. 6(1)(a) GDPR;
– the fulfilment of our service obligations resulting from the contracts concluded with you, in order to provide you with the desired services, in accordance with Art. 6(1)(b) GDPR;
– our legitimate interest in accordance with Art. 6(1)(f) GDPR, e.g. (our commercial interests in the improvement of our services, so that we can better understand your needs and expectations and therefore improve our services for you; for the prevention of fraud and to guarantee that the use of our webpages takes place completely and without fraudulent conduct; in order to guarantee the security of our services and ensure that our offering is technically safe and works properly; to secure and implement our contractual entitlements and claims)
– Legal bases in accordance with Art. 6(1)(c) GDPR, if the collection, storage, transfer or other processing of the data is legally prescribed or necessary for the processing, in order to fulfil our statutory obligations.
We will neither sell nor market your personal data to third parties, nor will we pass it on for other reasons, if this is not listed within this Data Privacy Statement. The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:
– If necessary for the resolution of unlawful use or misuse of our webpages or for prosecution, personal data will be passed on to the criminal prosecution authorities and, if necessary, to third parties who have been harmed. However, this will only take place if there are specific indications of unlawful conduct or misuse. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that pursue administrative offences punishable by a financial penalty, and the financial authorities.
– Forwarding to third parties bound to professional secrecy can only take place if this is necessary for the implementation of the contractual terms and conditions or other agreements, and our claims from contracts that you have concluded with us.
– For the provision of our service, we are occasionally reliant on contractually bound third-party companies and external service providers, e.g. for the hosting. In such cases, information will be passed on to these companies or individual people in order to enable further processing. These external service providers are carefully selected by us and checked regularly, to ensure that your privacy remains protected, and they may only process the data for the purposes specified by us. They are also contractually obliged by us to only handle your data exclusively in accordance with this Data Privacy Statement and the German data privacy laws.
– As part of the further development of our business, the structure of our company may change, in that the legal form is changed, or subsidiary companies, business units or components are founded, purchased or sold. In the event of such transactions, the customer information will be passed on, together with the part of the company to be transferred, with your consent. During any transfer of personal data to third parties to the specified extent, we will ensure that the further use takes place in accordance with this Data Privacy Statement and the relevant data protection laws, and we will ask for your permission.
We do not create personal user profiles. In connection with the displaying of information requested by you, data is only stored on our servers in anonymised form, for the provision of our various services or for analysis purposes. General information is hereby logged, e.g. which content of our offering is accessed and when, and what pages are visited the most frequently. For these purposes, we use so-called “cookies” (small text files with configuration information). The cookies used serve in particular to determine the frequency of use and the number of users of our websites. This enables us to find out which parts of our websites and which other websites our visitors have visited.
However, these use data cannot be traced back to the users. None of this anonymously compiled use data will be matched with your personal data, and it will be promptly erased after the end of the statistical analysis.
Moreover, our webpages do not store cookies that do not have only technically necessary functions and do not only enable the proper functioning of our webpages if you have not accepted them beforehand. For this purpose, you must agree before the storage of cookies by selecting the types of cookies you desire or accept and clicking on “Akzeptieren” (accept) on the banner that contains the notice on the storage of cookies. Further detailed information about the types of cookies we use and how to configure the use of individual types of cookies, and agree and object to their use, can be found in our cookie settings.
The legal bases for this data processing are Art. 6(1)(f) GDPR (which permits the processing of data for the protection of legitimate interests of the data controller) and Art. 6(1)(a) GDPR (which permits data processing based on your consent).
Most browsers are configured so that they automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you before cookies are stored. Users who do not accept cookies may not be able to access certain parts of our website.
Within our websites, we may use plugins of video portal Vimeo. The operator of this site is Vimeo, Inc. 555 West 18th Street New York, New York 10011, USA.If you visit a site equipped with a Vimeo plugin, a connection to the Vimeo servers will be established. The Vimeo server will thereby be informed which of our sites you have visited.
If you are logged into your Vimeo account, you enable Vimeo to directly match your surfing behaviour with your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo takes place in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.You can find further information about the handling of user data in the Vimeo data privacy declaration at https://vimeo.com/privacy.
Within our sites, we may use plugins of video portal YouTube. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a site equipped with a YouTube plugin, a connection to the YouTube servers will be established. The YouTube server will thereby be informed which of our sites you have visited.
If you are logged into your YouTube account, you enable YouTube to directly match your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube takes place in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
You can find further information about the handling of user data in the YouTube data privacy declaration at https://www.google.de/intl/de/policies/privacy.
Within our websites, we may use map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the use of the functions of Google Maps, it is necessary to store your IP address. This information will generally be sent to a Google server in the USA, where it will be stored. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place in the interest of an appealing presentation of our online services and easy traceability of the locations stated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information about the use of user data can be found in the Google data privacy statement at https://www.google.de/intl/de/policies/privacy/.
Your visit to our websites will be automatically logged by our web servers.
In connection with the information requested by you from our websites, data is hereby logged for the provision of our various services or for analysis and security purposes, and may be stored in anonymous form (non-personalised). The web server used by us automatically stores data about the displaying of our webpages in so-called server log files.
This data is as follows:
– IP address
– Referrer URL (the site from which you visit us)
– Time of server request
– Host name of the accessing end device (the name of your internet service provider)
– Browser type and browser version
– Operating system used and its settings
The processing of the above-named data hereby takes place for security purposes, for general fraud prevention and as a precaution against attacks on our websites. An automated amalgamation of this data with data from other data sources does not take place.
If your IP address is automatically logged, it will be automatically deleted after 30 days at the latest. Otherwise, only general information is logged, e.g. when which content of our offering is accessed and what pages are visited the most frequently, the names of the requested files and their dates and times of access. This data is used to improve our services and does not enable matches to be made with you personally.
We will not use this information for any other purposes. The legal basis for the data processing is Art. 6(1)(f) GDPR, which allows the processing of data to protect legitimate interests of the data controller.
We only store personal data that you send to us for as long as we require it, in order to fulfill the purposes for which this data has been sent, or as long as this is stipulated by law:
– If you conclude contracts with us, we will store and process your personal data for the duration the contract and beyond for the fulfillment of your post-contractual obligations and matters, and for the duration of the statutory retention periods (maximum 10 years).
– If you have agreed to the use of your email address for marketing purposes, we will store your email address within our mailing database until you de-register or request that we erase the data.
– If you send us a query, we will process your personal data for the duration of the processing of your query.
When we no longer require your personal data, we will erase it from our systems and records, or anonymize it so that it can no longer be identified.
We can retain certain personal data in order to comply with our statutory and regulatory obligations, and to enable us to manage our rights (e.g. the assertion of our rights in court), or for statistical purposes (in anonymized form).
For the secure transmission of your personal data, we use so-called SSL encryption. This form of transfer is recognized as a secure form of data transfer based on our current knowledge. We endeavour to take technical and organizational security measures to protect your personal data against unintentional or unlawful erasure, changes or loss, and against unauthorized forwarding or unauthorized access. Our employees are accordingly obliged to maintain secrecy and data privacy.
In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organizational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorized information. You will recognize an encrypted connection when the address bar of the browser changes from “http://” to “https://” and you will see a lock symbol in your browser bar. If there is an SSL or TLS encryption, the data you exchange with us cannot be seen by third parties.
However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.
As a data subject in the data processing, you have the following rights listed in this section. If you would like to exercise one of your rights named below, please contact us using the contact details named in the following “Contact” section. Please note that we may request proof of your identity and extensive information about your query before we can process it.
Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about the data stored about you personally, its origin and recipients, and the purpose of the data processing. On presentation of the respective prerequisites, you may also have the right to the rectification of incorrect data, the restriction of the processing, and the erasure of data.
Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.
Regarding the data that we process automatically on the basis of your consent or in the performance of a contract, you generally have the right to access it yourself or have it provided to a third party in a customary, machine-readable format. If you require the direct transfer of this data to a third party, this will only take place if this is technically possible with reasonable effort.
Our website contains so-called hyperlinks to websites of other providers. When activating these hyperlinks, you will be forwarded directly from our website to the websites of the other providers. Regarding these links to external companies and other third parties, Gerrit Arnhold is not responsible for the data privacy requirements or the content of these websites.