Privacy Policy
This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter "data") within our online offering and the websites, functions and content connected with it, as well as external online presences such as our social media profiles (hereinafter jointly referred to as the "online offering"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
Dennis Parsch
Pater-Frey-Ring 67
86698 Oberndorf, Germany
Types of data processed
- Master data (e.g. names, addresses)
- Contact data (e.g. email, phone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Purpose of processing
- Provision of the online offering, its functions and content.
- Answering contact requests and communicating with users.
- Security measures.
- Reach measurement / marketing.
Terms used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Applicable legal bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not stated in this privacy policy, the following applies: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfil our services and carry out contractual measures as well as to answer enquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. Where the vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.
Security measures
We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit data to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. where a transfer of data to third parties such as payment service providers is required under Art. 6(1)(b) GDPR to fulfil a contract), where you have consented, where a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only where the special requirements of Art. 44 et seq. GDPR are met. That is, processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to obtain confirmation as to whether the data in question is being processed and to information about this data, as well as to further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR you have the right to request the completion of the data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data.
You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transmission to other controllers.
You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to withdraw consent you have given, with effect for the future, in accordance with Art. 7(3) GDPR.
Right to object
You can object to the future processing of the data concerning you at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.
Cookies and right to object to direct marketing
"Cookies" are small files stored on users' computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie can store, for example, the contents of a shopping cart in an online shop or a login status. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be stored if users visit it after several days. Likewise, the interests of users can be stored in such a cookie and used for reach measurement or marketing purposes. A "third-party cookie" is a cookie offered by providers other than the controller operating the online offering (otherwise, if they are only the controller's cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and explain this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that you may then not be able to use all functions of this online offering.
Deletion of data
The data we process is deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. Where the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to statutory requirements in Germany, retention is carried out in particular for 6 years pursuant to § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, business letters, accounting vouchers, etc.) and for 10 years pursuant to § 147(1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).
According to statutory requirements in Austria, retention is carried out in particular for 7 years pursuant to § 132(1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, statement of income and expenses, etc.), for 22 years in connection with real property and for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.
Collection of access data and log files
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Registration function
Users can optionally create a user account. During registration, users are provided with the required mandatory information. The data entered during registration is used for the purposes of using the offering. Users can be informed by email about information relevant to the offering or registration, such as changes to the scope of the offering or technical circumstances. If users have cancelled their user account, their data relating to the user account is deleted, subject to retention being necessary for commercial or tax law reasons in accordance with Art. 6(1)(c) GDPR. It is the users' responsibility to back up their data upon cancellation before the end of the contract. We are entitled to irretrievably delete all of the user's data stored during the contract period.
In the context of using our registration and login functions and using the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the user in protection against misuse and other unauthorised use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR. The IP addresses are anonymised or deleted after no more than 7 days.
Contacting us
When contacting us (e.g. via contact form, email, telephone or social media), the user's details are processed for the purpose of handling the contact request and processing it in accordance with Art. 6(1)(b) GDPR. The users' details may be stored in a customer relationship management system ("CRM system") or comparable request organisation.
We delete the requests as soon as they are no longer required. We review the necessity every two years; statutory archiving obligations also apply.
Comments and contributions
If users leave comments or other contributions, their IP addresses may be stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. This is for our security, in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves may be held liable for the comment or contribution and are therefore interested in the identity of the author.
We also reserve the right, on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, to process the users' details for the purpose of spam detection.
Created with Datenschutz-Generator.de by lawyer Dr. Thomas Schwenke, edited and corrected by Dennis Parsch.