Table of Contents:
Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari)
Third countries: Countries outside the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), available here.
Personal data: Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
Profiling: Any type of automated processing of personal data, which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests to analyze or predict the reliability, behavior, location or change of location of this natural person.
Tracking: The collection of data and their evaluation regarding the behavior of visitors relating to our services.
Tracking technologies: Tracking can be done either via the activity logs (log files) stored on our web servers or by collecting data from your device via pixel, cookies and similartracking technologies.
Processing: Any process or series of operations related to personal information, such as collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, performed with or without the aid of automated procedures through transmission, dissemination or any other form of provision, settlement or linking, restriction, erasure or destruction.
All these offers are collectively referred to as „services“
The following applies to all processing operations described below, unless otherwise stated:
The provision of personal information is not required by law or contract and you are under no obligation to provide any data. We will inform you as part of the submission process when the provision of personal information for the relevant service is required (for example, by the designation as "mandatory field"). In the case of required data, non-provisioning means that the service in question cannot be provided. Otherwise, the non-provision may result in our being unable to provide our services in the same form and quality.
In some cases, you may also give us your consent to further processing in connection with the processing described below (possibly for some of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent of all modalities and the scope of the consent and the purpose, which we pursue with these processing operations. The processing based on your consent is, therefore, not listed here again (Art. 13 (4) GDPR).
When we send data to third countries, i.e. countries outside the European Union, then the transfer takes place only in compliance with the statutory eligibility requirements.
If the transmission of the data to a third countrydoes not serve the purpose of fulfilling our contract with you, we do not have your consent, the transmission is not required to assert, exercise or defend legal claims and otherwise no exceptions under Art. 49 GDPR apply, we only transfer your data to a third country, if there is an adequacy decision pursuant to Art. 45 GDPR Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR are given.
One of these adequacy decisions is Commission Implementing Decision (EU) 2016/1250 of 12th July 2016 on the so-called "US-US Privacy Shield" for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered appropriate in the meaning of Art. 45 GDPR..
Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving agency, appropriate guarantees pursuant to Art. 46 (2) c) GDPR and an adequate level of data protection are created. Copies of EU standard privacy clauses are available on the European Commission's website, available here.
Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. For all the functionalities listed below, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using the EU standard data protection clauses (see c.).
We provide personal information to governmental agencies (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR)or it is required to assert, exercise or defend legal claims (legal basis Art. 6 (1) f) GDPR).
In the section "Storage period" it is indicated in each case, how long we use the data for the respective processing purpose. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continuing processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims ) or you give us an additional consent.
The following sections use the following summary category labels for specific types of data:
Here's how we describe how your personal information is processed when you access our services services (such as loading and viewing the website, opening and navigating within the mobile app). In particular, we point out that the transmission of access data to external content providers (see under b.) is inevitable due to the technical functioning of information transmission on the Internet. The third-party providers are responsible for the privacy-compliant operation of the IT systems they use. The decision on the storage period of the data is up to the service providers.
Proper function of the services; security of data and business processes; prevention of abuse; prevention of damage through interference with information systems
Proper function of the services; (accelerated) presentation of the contents
If we process your personal data in order to operate direct mail, you have the right at any time, with future effect, to object to the processing of personal data relating to the Purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct mail.
For reasons arising out of your particular situation, you also have the right to object at any time, with future effect, to the personal data relating to processing, which occurs in accordance with Art. 6 (1) letters e) or f) GDPR; based on these provisions, this also applies to Profiling.
The right to object can be exercised free of charge.
Alternatively, you can reach us inter alia via the contact data contact data mentioned under I.3 or use the following approaches:
By email to: CyberSolutions@datenschutzanfrage.de
By phone: +49 89 9250 3784
You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if applicable, for information about this personal data and the other information listed in Art. 15 GDPR..
You have the right to demand immediate correction of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purpose of processing, you have the right to demand the completion of incomplete personal data, including by means of a supplementary statement.
You have the right to demand that personal data relating to you be deleted without delay if one of the reasons stated in Art. 17 (1) GDPR applies and the processing is not required for one of the purposes set out in Art. 17 (3) GDPR.
You have the right, under the conditions specified in Art. 20 (1) GDPR to obtain the personal data that you have provided us in a structured, common and machine-readable format, and the right to transfer that data to another person without Obstruction by us. In exercising the right to data transferability, you have the right to obtain that your personal data is transmitted directly by us to another responsible party, as far as technically feasible.
Insofar as processing processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent until the revocation is not affected.
You have the right of appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Landesamt für Datenschutzaufsicht [Data Protection Authority of Bavaria for the Private Sector], Promenade 18 (Schloss), 91522 Ansbach, http://www.lda.bayern.de
As of: 22nd May 2019