Inhaltsverzeichnis

  1. General information and principles of data processing
  2. Controller
  3. Data Protection Officer
  4. Provision and use of the website / server log files
  5. Adobe TypeKit WebFonts
  6. Google Maps
  7. Processing for the implementation of pre-contractual measures and for contract fulfilment
  8. Data transmission
  9. Contact options by e-mail
  10. Data security and security measures
  11. Your rights (as a data subject)
  12. Changes to this privacy policy

 

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your data, the so-called personal data, is an important concern to us. 
In accordance with Article 4(1) GDPR, personal data means any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, email address, but also an IP address. 

Data that cannot be linked to your person, for example through anonymization, is not personal data. Processing of personal data (e.g. collection, storage, readout, retrieval, use, transmission, deletion or destruction) pursuant to Article 4(2) GDPR always requires a legal basis or a consent. Processed personal data must be deleted as soon as the purpose of their processing has been achieved, and there are no longer any legally prescribed retention obligations.

Here you will find information on the handling of your personal data upon visiting our website. In order to provide the functions and services of our website, it is necessary for us to collect your personal data. 

In the following, we explain the type and scope, purpose, legal basis and storage period of the respective data processing.

This data protection policy only applies to this particular website. It does not apply for other websites which are merely referenced via hyperlink. We cannot assume responsibility for the confidential handling of your personal data on these third-party websites, since we do not have any influence in the data protection compliance by these companies. Please inform yourself on the handling of personal data by these companies directly on their websites.

2. Controller

3. Data Protection Officer 
If you have any further questions regarding data protection, please feel free to contact our data 
protection officer: 

Herr Robert Faußner, M.A.
Data protection officer
c/o HEUSSEN Rechtsanwaltsgesellschaft mbH
Brienner Straße 9 / Amiraplatz
80333 München
Tel: +49 89 290 97 0
Fax: +49 89 290 97 200
E-Mail: datenschutzbeauftragter@heussen-law.de

4. Provision and use of the website / server log files 

a) Type and extent of data processing 
When you access our website (i.e. when you merely view it without registering and without otherwise providing us with information), we process the following personal data, which your browser automatically transmits to our server:

  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (visited page)
  • Access status/HTTP status code
  • Amount of transferred data 
  • Web address from which the page or file was accessed or the requested function was initiated (referrer URL)
  • IP-address 
  • Browser
  • Language and version of the browser software
  • Operating system

b) Purpose of data processing
This data described above is technically necessary to enable you to use our website. In addition, the data is technically necessary to ensure the stability of the website and IT security, in particular to protect our IT systems from misuse and to defend against attacks.

c) Legal basis
Legal basis for the processing of the data is Article 6(1)(f) GDPR.

d) Storage period 
The aforementioned data will be recorded for the duration of the communication process. 
To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days. 

e) Right of objection
If your personal data is processed in accordance with Article 6(1)(f) GDPR you have a right of objection in accordance with Article 21 GDPR. However, in the case of the specific data processing operation, we have compelling legitimate grounds for the processing the data that are necessary for the protection of these data, because without the processing of these data we cannot provide and operate our website.

5. Adobe TypeKit WebFonts

a) Type and extent of data processing 
We use external fonts from Adobe Typekit Web Fonts on this website. Adobe Typekit Web Fonts is a service of Adobe Systems Software Ireland Limited, 4–6 Riverwalk, City West Business Campus, Dublin 24, Ireland, Tel: +353 1 242 6700, +353 1 242 6711 ("Adobe").

The integration of these web fonts is carried out through a server call, usually one of Adobe in the United States. According to Adobe this sends the following data to the server:

  • Fonts served
  • Web Project ID
  • Web Project JavaScript version (string)
  • Web Project type (string "configurable" or "dynamic")
  • Embed type (whether you are using the JavaScript or CSS embed code)
  • Account ID (identifies the customer the Web Project is from)
  • Service providing the fonts (e.g., Adobe Fonts)
  • Server serving the fonts (e.g., Adobe Fonts servers or Enterprise CDN)
  • Hostname of page loading the fonts

We would like to point out that the Court of Justice of the European Union (CJEU) has doubts about the adequacy of the level of data protection in the USA. In particular, there is a risk that personal data may be processed by government authorities for control and monitoring purposes, possibly also without any legal remedy.

b) Purpose of data processing
The purpose of using Adobe Typekit Web Fonts is the uniform presentation of fonts. 

c) Legal basis
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is a uniform presentation across all devices as well as improved loading times and a lower administrative effort.

d) Storage period
The stored data will be deleted as soon as they are no longer needed for our purposes.

e) Right of objection
You have the right to object to such processing. You have a right of objection pursuant to Article 21 GDPR. However, we have compelling reasons worthy of protection for processing the data, because without processing of these data we can not ensure data security of the website. 

f) Further information 
Further information on data processing by Adobe can be found in Adobe’s privacy policy at https://www.adobe.com/de/privacy/policies/adobe-fonts.html 

6. Google Maps

a) Type and scope of data processing 
We integrate the maps of the service Google Maps. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 ("Google").

This allows us to show you interactive maps directly on our website and enables you to use the map function comfortably. We store your data only for the period of use of our website in the form of a log file, no data is transmitted to Google. During the use of our website, we store the following data:

  • Operating system
  • Information about the browser type and version used 
  • Information about your internet service provider 
  • IP address
  • Date and time of access  
  • Websites from which you came to our website
  • Websites that you visit through our website  

This is done regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. Google stores your data as user profiles and uses them for advertising and market research purposes. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs. The evaluation is also done to inform other users of the social network about your activities on our website. 
If you do not wish to be associated with your profile on Google, you must log out. 

 b) Purpose of data processing
We collect and process this data exclusively in order to be able to display interactive maps directly on our website and to enable you to use the map content comfortably.

c) Legal basis 
The legal basis for the use of Google Maps is your consent pursuant to Article 6(1)(a) GDPR. This is given as soon as you have actively clicked on the plugin to display the map.

d) Storage period
The stored data will be deleted as soon as you leave our website.

e) Right of withdrawal
You can withdraw your consent by closing your browser and thereby ending the session.

f) Further information
Learn more about the Google Maps Terms of Use: https://policies.google.com/terms?gl=DE&hl=de
Learn more about the Additional Terms of Service of Google Maps: www.google.com/intl/de_US/help/terms_maps.html
For more information see Google’s privacy policy: http://www.google.de/intl/de/policies/privacy/

7. Processing for the implementation of pre-contractual measures and for contract fulfilment

a) Type and scope of data processing
In the pre-contractual area and at the conclusion of the contract we collect personal data about you (e.g., first and last name, address, e-mail address, telephone number, bank details).

b) Purpose of data processing
We collect and process this data exclusively for the purpose of contract execution and/or for the fulfilment of pre-contractual obligations.

c) Legal basis 
The legal basis for this is Article 6(1)(b) GDPR.

d) Storage period
The data will be deleted as soon as they are no longer necessary for the purpose of their processing. In addition, statutory retention obligations may exist, such as commercial or tax retention obligations in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such storage obligations exist, we will block or delete your data at the end of these storage obligations.

8. Data transmission

We only pass on your personal data to third parties if:

a) you have given your explicit consent to do so in accordance with Article 6(1)(a) GDPR.
    
b) this is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.
    
c) there is a legal obligation under Article 6(1)(c) GDPR for the transfer.
We are legally obliged to transfer data to state authorities, e.g. tax authorities, social security carriers, health insurances, supervisory authorities and law enforcement agencies.
   
 d) the disclosure in accordance with Article 6(1)(f) GDPR is necessary to safeguard legitimate corporate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
    
e) we use external service providers (so-called processors) to process personal data in accordance with Article 28(3) GDPR. These processors have been carefully selected by us and are obliged by a data processing agreement to handle personal data in accordance with data protection regulations. 
We use such external service providers in the following areas: 

  • IT
  • logistics
  • telecommunications
  • distribution
  • marketing

When transferring personal data to so-called third countries, i.e. outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured the careful handling of personal data by contractual agreements or other suitable guarantees.

9. Contact options by e-mail 
   
a) Type and scope of data processing 
You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.
    
b) Purpose of data processing
The purpose of data processing is to be able to answer your request appropriately. 
    
c) Legal basis 
The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.
    
d) Storage period    
The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.
    
10. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. For this prupose, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress.
  
These include the use of recognised encryption procedures (SSL or TLS). Unencrypted data, e.g. when sent by unencrypted e-mail, may be read by third parties. We have no influence on this. It is the responsibility of the respective user to protect the data provided by him/her against misuse by means of encryption or in any other way.

11. Your rights (as a data subject)

Here you will find your rights regarding your personal data. Details of this are set out in Articles 7, 15-22 and 77 of the GDPR. You can contact the controller (Section 2) or the data protection officer (Section 3) in this regard.

a) Right to withdraw your data protection consent in accordance with Article 7(3) GDPR
You can withdraw your consent to the processing of your personal data at any time with effect
for the future. The withdrawal of consent shall not affect the lawfulness of processing based
on consent before its withdrawal.

b) Right of access pursuant to Article 15 GDPR in conjunction with § 34 BDSG
You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

c) Right to rectification and completion under Article 16 GDPR
You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
    
d) Right to erasure ("right to be forgotten") in accordance with Article 17 GDPR in conjunction with § 35 BDSG
You have the right of erasure, as far as the processing is not necessary. This is the case, for example, if your data are no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.
    
e) Right to restriction of processing in accordance with Article 18 GDPR
You have the right to limit the processing, for example if you believe that personal data is incorrect.

f) Right to data portability pursuant to Article 20 GDPR 
You have the right to receive personal data concerning you in a structured, common and machine-readable format. 

g) Right to object pursuant to Article 21 GDPR 
You have the right to object to data processing on grounds relating to particular situations. However, this only applies in cases where we process data to fulfill a legitimate interest.
If you can present such a reason and we cannot assert compelling legitimate grounds for the processing which override your interests, we will no longer process this data for the respective purpose.


h) Automated individual decision-making, including profiling in accordance with Article 22 GDPR
You will not be subject to any decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.
    
i) Right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR
You can also lodge a complaint with a data protection supervisory authority at any time, for example if 
you believe that data processing is not in compliance with data protection regulations.

Competent supervisory authority:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 - 4000
E-Mail: mailbox@datenschutz.hamburg.de
    
12. Changes to this data protection policy 

Our data protection policy serves the fulfilment of legal information duties. We update our protection policy as far as this becomes necessary.