Data protect information - Wellness-Hotels & Resorts GmbH

data privacy policy in accordance with the GDPR

Protecting personal data is an important concern to us. Processing personal data is therefore carried out in accordance with the applicable European and national laws. You can of course revoke your consent at any time with future effect. To do this, please contact the data controller in accordance with § 1.
The following statement provides an overview of what kind of data is collected, how it is used and shared, what security measures we take to protect your information, and how you obtain details about the information provided to us.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 S. 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as legal basis.
For the processing of personal data necessary for performance of a contract to which the data subject is a party, Art. 6 para. 1 S.  lit. b GDPR applies as the legal basis. This also applies to processing operations that are necessary for the performance of precontractual measures.
Insofar as processing personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 S. 1 lit. c GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the said interest, Art. 6 para. 1 S. lit. f) GDPR applies as the legal basis for processing. 

Data deletion and storage duration

The personal data of a data subject will be deleted or blocked as soon as the purpose of storage ceases to exist. Furthermore, data may be stored if this is provided for by European or national legislators in union regulations, laws, or other regulations to which we are subject as the data controller. Blocking or erasing data will also be carried out if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

§ 1 The data controller and the data protection officer

(1) Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
Michael Altewischer

Wellness-Hotels & Resorts GmbH
Haroldstr. 14
40213 Düsseldorf
Deutschland
Tel.: +49 (0)211.679 69 69
E-Mail: post (at) wh-r.com
Website: https://www.wellnesshotels-resorts.com

(2) Name and address of the data protection officer

The Data Protection Officer for the data controller is:
Dieter Grohmann

Datenschutz & Privacy
Beethovens. 23
87435 Kempten
Deutschland
Tel.: +49 (0)831.5209.0
E-Mail: info@datenschutzprivacy.de
Website: https://www.datenschutzprivacy.de

§ 2 Definition of terms

The privacy policy is based on the terms used by the European regulator in the adoption of the basic EU data protection regulation (hereinafter referred to as "GDPR"). The privacy policy should be easy to read and understand. To ensure this, the most important terms are explained below:
  1. Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular through the assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of said person.
  2. The data subject  is any identified or identifiable person whose personal data is processed by the data controller for processing.
  3. Processingis any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Profilingrefers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  5. Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable person.
  6.  The data controller or the person responsible for processing  means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the data controller or the specific criteria for their appointment may be laid down in accordance with Union law or the law of the Member States.
  7. The Processorrefers to a legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  8. The recipient  is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may be entitled to receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
  9. third partyis a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  10. Consentis any freely given, specific, informed and unambiguous indication of the data subject/user's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

§ 3 Provision of the website and creation of log files

  1. When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the accessing computer each time you visit the website:
  2. The user's IP address
  3. Information regarding the used browser type and version
  4. The user’s operating system
  5. The user's Internet service provider
  6. Date and time of access 
  7. Websites from which the user's system accesses our website
  8. Websites that are accessed by the user's system via our website
  9. Content of access (specific pages)
  10. The amount of data transmitted
  11. The language and version of the browser software
  12. Used search engines
  13. Names of downloaded files

The log files contain IP addresses: The data is also stored in the log files of our system. This data is not stored together with other personal user data. The legal basis for temporary storage of log files is Art. 6 para. 1 S. lit. f) GDPR.
Temporary storage of the IP address by the system is necessary to 

  1. enable delivery of the website to the user's computer. To this end, the user's IP address shall remain stored for the duration of the session. 
  2. to optimise the contents of our website as well as the advertising for it
  3. to ensure the functionality of our information technology systems and the technology of our website
  4. to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack
  5. The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para. 1 S.1 lit. f) GDPR.

  1. The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection - in this case at the end of the usage process.
  2. Collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website, so there is no inconsistency.

§ 4 Use of cookies

  1. This site uses cookies. Cookies are small text files which, when you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and send the user (i.e. our company) certain information. Cookies are used to make the website more customer-friendly and secure, in particular to collect use-related information, such as your name, address, and email address. Frequency of use and number of users of the pages as well as page usage patterns. Cookies do not damage your computer and do not contain viruses. 

This cookie contains a characteristic character string ( called a cookie ID), which enables unique identification of the browser when reopening the website. 

  1. We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages. The following data is stored and transmitted in the cookies:
  • Session Cookie (for session detection, lifetime: one session)
  • Long-term cookie (for detecting new / regular customers)
  • Opt-out cookie (in case of opposition to the tracking)
  • language settings
  • Article in a shopping cart
  • Log-in Information
 
We also use cookies on our website which enable analysis of the user's online behaviour. The following data can be transmitted in this way:
  • Entered search terms
  • Frequency of page views
  • Use of website functions
The data collected in this way is pseudonymised via technical provisions. It is therefore no longer possible to assign the data to the accessing user. This data is not stored together with your other personal data. When accessing our website, you are informed via an information banner on the use of cookies for analytical purposes and referred to this privacy policy. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.
The purpose of using technically necessary cookies is to simplify the use of websites for you. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser be recognised even after changing the page.
We require cookies for the following applications:
  • Shopping cart
  • Applying language settings
  • Remembering search terms
The user data collected by technically necessary cookies shall not be used to create user profiles.
The purpose of using technically unnecessary cookies is to improve the quality of our website and its contents. Through the analysis cookies we learn how the website is used and can thus continuously optimise our offer. This information is used when you visit the website again with the same device to automatically recognise you and facilitate navigation. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR. 
  1. Cookies remain stored even when the browser session is terminated and can be called up again when the page is visited again. However, cookies are stored on your computer and transmitted to our site. You therefore have full control of the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the "Settings" menu so that you are informed about the setting of cookies or you can generally exclude cookies being set or also delete cookies individually. However, it should be noted that the functionality of this website may be limited if cookies are deactivated. As far as session cookies are concerned, they will be deleted automatically anyway after leaving the website. 

§ 5 Newsletter

(1)  With your consent you can subscribe to our newsletter free of charge, with which we inform you of our current interesting offers. The goods and services to be advertised will be named in the consent form.

To subscribe to our newsletter, we use the "double opt-in" procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.The only required information for sending the newsletter is your email address. Any other further information is voluntary and is used to address you personally. The data will be used exclusively for sending the newsletter.

  1. The legal basis for processing data after the user subscribes to the newsletter is, if the user's consent to this has been obtained, Art. 6 para. 1 S. 1 lit. a) GDPR.
  2. The user's email address is collected in order to deliver the newsletter. 

Collection of other personal data as part of the subscription process is for preventing the misuse of the services or of the used email address.

  1. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will therefore be stored for as long as your subscription to the newsletter is active. 
  1. You can cancel the receipt of our newsletters at any time and thus revoke your consent by clicking on the field "Unsubscribe newsletter" in our newsletter unsubscriberor by sending us an email to [post (at) wh-r.com] or a message to the contact details given in the imprint. 

§ 6 E-Commerce

  1. If you would like to order from our online shop, it is necessary for the conclusion of the contract that you give us your personal data which we need to complete your order. The information required for the processing the contract is marked separately; any further information is voluntary.The data is entered into a contact form, transmitted to us, and stored.  The following data is collected for ordering via the online shop:
  2. Name
  3. Address (different delivery address if applicable)
  4. Email address
  5. IP address
  6. Date and time of order

Data is only sent to third parties is this is necessary for the purpose of the contract or for account purposes and/or for the collection of the payment or you have expressly consented to this. In this regard, we only pass on the data required in each case. The data recipients are

  • The respective delivery/shipping company (name and address are sent)
  • Collection companies if payment must be collected (name, address, order details are sent)
  • Credit agencies to check creditworthiness (name, address, date of birth, etc. are sent). In this case, the data is only sent if we make advance payments for orders (e.g. purchase on account).
  • The bank for collecting the payment if the payment is made via direct debit
    1. The legal basis isArt.6  para. 1S. 1 lit. b) GDPR.With regard to voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 S. 1 lit. a) GDPR.
    2. The data collected is required for the fulfilment of the contract with the user (for sending the goods and confirming the contents of the contract). We therefore use the data to answer your inquiries, to process your order, and if necessary to check the creditworthiness or recovery of a claim and for the purpose of technical administration of the website. The voluntary information was provided to prevent misuse and, if necessary, to investigate criminal offences.We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information.
    3. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. We are obliged by commercial and tax law to store your address, payment, and order details for a period of ten years after implementing the contract. However, after [two years]  we limit the processing of your data, that is, your data will only be used to comply with legal obligations. If there is a continuing obligation between ourselves and the user, we store the data for the entire term of the contract and for ten years thereafter (see above). With regard to the data voluntarily provided, we will delete the data upon expiry of [two] years after execution of the contract, unless another contract is concluded with the user during this period; in this case, the data will be deleted upon expiry of [two] years after implementation of the last contract.
    4. If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, early erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.

Otherwise, you are free to have the personal data provided during registration completely deleted from the database of the data controller. The data controller will inform you at any time upon request of which personal data relating to the data subject is stored. Furthermore, the controller shall correct or delete personal data at the request or notice of the data subject, provided that there is no legal obligation to keep such data in safekeeping. You can contact the data controller or the data protection officer pursuant to § 1 at any time by email or post and ask for deletion/modification of the data.

§ 7 Sending personal data to third parties

  1. Embedding YouTube videos: We have included YouTube videos in our online offer, which are stored on https://www.youtube.com/channel/UC9OEXYgC0QqHSqSU1FH3YAQ and can be played directly on our website. [They are all integrated in the "Extended Privacy Mode", i.e. no data about you as a user is sent to Youtube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transfer.When you visit this website, YouTube receives the information that you have accessed the corresponding subpage of our website. 

The following data is transmitted

  • Device-specific information, such as the hardware used; the version of the operating system; unique device identification and information about the mobile network including your telephone number.
  • Log data in the form of server logs. This includes, but is not limited to, details of how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; source page; cookies that uniquely identify your browser or Google Account.
  • Site-related information. Google may collect information about your actual location. This includes, for example, your IP address, your WLAN access points, or mobile phone masts.
  • Further information on the data collected by Google, INC can be found at the following link: https://policies.google.com/privacy?hl=en&gl=en

This takes place regardless of whether YouTube makes available a user account via which you are logged in or no user account exists. If you are logged in to Google, your information will be directly associated with your account. 

  1. The legal basis for processing the personal data of users is Art. 6 para. 1 S.1 lit. f) GDPR. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/eu-us-framework.
  2. The integration of the videos serves to make the website clearer for the user and to increase the search engine ranking of the website on Google, YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website.
  3. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the button. 
  4. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(6) For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. You will find more information there on your rights and settings options for protecting your privacy:https://www.google.de/intl/de/policies/privacy.

  1. Links to external websites: This website contains links to external sites. We are responsible for our own content. We have no influence over the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the privacy policy provided there applies. If you notice any illegal activities or contents on this page, please let us know. In this case we will check the content and respond accordingly (notice and take down procedure).

§ 8 Contact form and email contact

  1. There is a contact form on our website that can be used for electronic contact. If a user accepts this option, the data entered in the input screen will be sent to us and stored. This data includes:

·      Freely selectable first and last name

·      E-mail address

·      Freely selectable text

·      Freely selectable telephone no.

·      points selected by checkbox (Regions / Hotel (s) / Offers / Room categories)

 

During the sending process, your consent is obtained for processing data and reference is made to this data protection declaration.

Alternatively, you can contact us via the provided email address. In this case, the user's personal data that is transmitted along with the email will be stored. 

If this includes information about communication channels (e.g. email address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request.

This data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

  1. The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 S. 1 lit. a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 p.1 lit. f) GDPR. If you send us an e-mail with the intention of entering into a contract with us, this creates an additional legal basis for its processing per Art. 6 para. 1S. 1 lit. b) GDPR.
  2. We only use personal data provided on contact forms to make the requested contact. The data from your email inquiries will of course only be used for the purpose for which you made them available to us when contacting us. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data. Processing other personal data during the sending process serves the purpose of preventing the misuse of the contact form and to ensure the security of our information technology systems.
  3. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by e-mail, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.  Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of sevendays.
  4. You have the option of revoking your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. It will not be possible to continue the conversation in this case. Regarding the revocation of the consent / objection of storage, we ask you to contact the data controller or the data protection officer according to § 1 via email or post. All personal data stored in the course of contacting us will be deleted as a result.
§ 9 Social media plugins
       1. Facebook
  1. These pages use social plugins from the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA). This plugin allows you to bookmark these pages and share them with other members in the social network. You can recognise this plugin by the Facebook logo or the typical "Like" button. An overview of the Facebook plugins can be found on https://developers.facebook.com/docs/plugins/
  2. We use what is called the two-click solution. This means that if you visit our site, initially no personal data will be sent to Facebook. We offer you the option of communicating directly with Facebook via the button. Only if you click on the marked field and thereby activate it will Facebook receive the information that you accessed the corresponding website of our online offer.

Data sharing is independent of whether you have a Facebook account and are logged in. 

  1. If you click the Facebook "Like" button while logged into your Facebook account, the content of these pages can also be linked to your Facebook profile. In this case, Facebook may also associate the visit to these pages with your user account. When activating the activated button and linking the page, for example, Facebook also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid it being assigned to your profile.
  2. If you are not a member of Facebook or logged out of Facebook before visiting this page, it is still possible for Facebook to obtain and store your IP address.  If you do not want Facebook to associate your visit to our pages with your Facebook account, you must log out of Facebook before visiting our website or you must not activate the plugin.

Generally, the following data is transmitted to Facebook:

  • Browser-related data such as IP address, browser type, operating system, time and date of the request, website visited.
  • User ID (if you are logged in to your Facebook account)

According to Facebook, the IP addresses in Germany will be made anonymous immediately after collection. By activating the plugin, your personal data will be transmitted to Facebook and stored in the USA. Since Facebook collects data mainly via cookies, we recommend that you delete all cookies before clicking on the grayed-out box using your browser's security settings.

  1. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on how Facebook deletes the data collected.
  2. Facebook stores the data collected about you as user profiles and uses it for the purposes of advertising, market research, and/or demand-oriented design of its website. Such evaluation is also made for users who are not logged in, to display customised advertising and to inform other users of the social network about activities on our website. Through the plug-ins we offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. 

(5)   The legal basis for the use of the plugins is   Art. 6  para. 1S. 1 lit. a GDPR. Facebook has submitted to the EU-US privacy shield,   https://www.privacyshield.gov/EU-US-Framework.

  1. You have the right to object to the creation of these user profiles, whereby you must contact Facebook to exercise this right.
  2. Settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings under https://www.facebook.com/settings?tap=ads. Further information on the purpose and scope of data collection and processing as well as on your respective rights by and vis-à-vis Facebook is available under http://www.facebook.com/policy.php<g>, http://www.facebook.com/help/186325668085084.
2.Twitter
  1. These pages use the functions of the Twitter service (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the "Retweet" button, you can follow a post or page on Twitter, or the websites you visit will be linked to your Twitter account and shared with other users. You can recognise this plugin by the "ReTweet" button or the typical blue bird. You can find an overview of the Twitter buttons and their appearance here: https://twitter.com/about/resources/buttons
  2. We use what is called the two-click solution. This means that if you visit our site, initially no personal data will be sent to Twitter. We offer you the option of communicating directly with Twitter via the button. Only if you click on the marked field and thereby activate it will Twitter receive the information that you accessed the corresponding website of our online offer.

If you click the Twitter button while logged into your Twitter account, the content of these pages can also be linked to the Twitter profile. In this case, Twitter may also associate the visit to these pages with your user account. When activating the activated button and linking the page, for example, Twitter also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid it being associated with your profile.

The following data is always transmitted to Twitter:

  • IP address, browser type, date and time of access, source page, operating system, screen resolution
  • Linking this data with your social media operator account data

By activating the plugin, your personal data will be transmitted to Twitter and stored in the USA. 

  1. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on how Twitter deletes the data collected.
  2. Twitter stores the data collected about you as user profiles and uses it for the purposes of advertising, market research, and/or demand-oriented design of its services. Such an evaluation takes place in particular for representing demand-oriented advertisement and to inform other users of the social network about your activities. Through the plug-ins we offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. 

(5)   The legal basis for the use of the plugins is   Art. 6  para. 1S. 1 lit. a GDPR.Twitter has submitted to the EU-US privacy shield,  https://www.privacyshield.gov/EU-US-Framework.

  1. You have the right to object to the creation of these user profiles, whereby you must contact Twitter to exercise this right.
  2. Further information on the purpose and scope of data collection and processing and on your respective rights through and vis-à-vis Twitter is available  at https://twitter.com/privacy. You can change your privacy settings on Twitter at any time at http://twitter.com/account/settings
3.Instagram
  1. This website uses social plugins from the social media network Instagram of Instagram Inc. (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). This plugin allows you to bookmark these pages and share them with other members in the social network. You can recognise the plugin by the square camera, sometimes with the lettering "Instagram". 
  2. We use what is called the two-click solution. This means that if you visit our site, initially no personal data will be sent to Instagram. We offer you the option of communicating directly with Instagram via the button. Only if you click on the marked field and thereby activate it will Instagram receive the information that you accessed the corresponding website of our online offer.

Data sharing is independent of whether you have a Facebook account and are logged in. 

  1. If you click the Instagrambutton while logged into your Instagramaccount, the contents of these pages can also be linked to your Instagramprofile. In this case, Instagrammay also associate the visit to these pages with your user account. When activating the activated button and linking the page, for example, Instagram also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid it being associated with your profile.
  2. If you are not a member of Instagramor logged out of Instagrambefore visiting this page, it is still possible that Instagramdetects and stores your IP address.  If you do not want Instagramto associate your Instagramuser account with your visit to our website, you must log out of Instagramor must not activate the plugin.

The following data is always transmitted to Instagram:

  • IP address, browser type, date and time of access, source page, operating system, screen resolution
  • Linking this data with your social media operator account data

By activating the plugin, your personal data will be transmitted to Instagram and stored in the USA. 

  1. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on how Instagram deletes the data collected.
  2. Instagram stores the data collected about you as user profiles and uses it for the purposes of advertising, market research, and/or demand-oriented design of its website. Such evaluation is also made for users who are not logged in, to display customised advertising and to inform other users of the social network about activities on our website. Through the plug-ins we offer you the option of interacting with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. 

(5)   The legal basis for the use of the plugins is   Art. 6  para. 1S. 1 lit. a GDPR.

  1. You have the right to object to the creation of these user profiles, whereby you must contact Instagram to exercise this right.
  2. Further information about the purpose and scope of data collection and processing and your respective rights by and towards Instagram is availableat http://instagram.com/about/legal/privacy/.
4. Pinterest
(4.1) On these pages are social plugins of the social network Pinterest of Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street Dublin 2, Ireland. This plugin allows you to bookmark these pages and share them with other social network participants. The plugin can be identified by the word "Pinterest" on the "P".
https://policy.pinterest.com/de/privacy-policy
https://policy.pinterest.com/de/terms-of-service
(4.2) We use the so-called two-click solution. This means that when you visit our site, initially no personal data will be passed on to Pinterest. We give you the opportunity to communicate directly with Pinterest via the button. Only if you click on the marked field and activate it, Pinterest receives the information that you have called up the corresponding website of our online offer.
(4.3) Further information on the purpose and scope of Pinterest can be found on
https://policy.pinterest.com/de/community-guidelines

§ 10 Rights of the data subject

If your personal data is processed, you are a data subject as defined by the GDPR and you have the following rights with respect to the data controller:

1.    The right to be informed

2.    The right of rectification 

3.    The right to limitation of processing

4.    Right to deletion

5.    Right to information

6.    The right to data portability.

7.    The right to object to processing

8.    The right to withdraw data protection consent

9.    The right not to apply an automated decision

10.  The right to file a legal complaint with a supervisory authority

 

1.     Right to information

  1. You can request that the data controller confirms whether we will process personal data that concerns you. If such processing has taken place, you can request free information from the data controller at any time about the personal data stored about you and about the following information:
  2. he purposes for processing the personal data;
  3. the categories of personal data being processed;
  4. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  5. the planned storage duration of your personal data or, if specific information in that regard is not possible, criteria for determining the storage period;
  6. the existence of a right of rectification or deletion of your personal data or of a restriction on processing by the data controller or of a right to oppose such processing; 
  7. the existence of a right of appeal to a supervisory authority;
  8. any available information on the origin of the data if the personal data has not been collected from the person concerned;
  9. the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.
    1. You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this respect, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.

 

2.   The right of rectification 

You have the right to rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete. 

 

3.     The right to limitation of processing

  1. Under the following conditions, you may request from the data controller that the processing of your personal data be restricted:
  2. If you contest the accuracy of your personal data for a period that enables the data controller to verify the accuracy of the personal data;
  3. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  4. the data controller no longer needs the personal data for processing purposes, but they are required by you for the establishment, exercise or defence of legal claims or
  5. you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller overrides your reasons.
    1. Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State. If the processing restriction has been done in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4.     Right to deletion

  1. You can request that the data controller delete the personal data concerning you immediately, provided that one of the following reasons applies:
  2. The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  3. you withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a) or Art. 9 para. 2 (a) GDPR, and where there is no other legal ground for its processing. 
  4. You object pursuant to Art. 21 Para. 1 of the GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection to the processing pursuant to Art. 21 para. 2 GDPR to the processing;
  5. The personal data concerning you have been unlawfully processed. 
  6. The personal data concerning you must be deleted for compliance with a legal obligation under Union or Member State law to which the data controller is subject. 
  7. The personal data concerning you has been collected in relation to services offered by information society services pursuant to Art. 8 para. 1 GDPR.
    1. If the data controller has made personal data that concerns you public and is subject to the obligation to delete it pursuant to Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data. 
    2. The right to deletion does not exist insofar as processing is necessary
  8. to exercise the right of freedom of expression and information;
  9. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the person responsible;
  10. for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 (h) and (i), as well as Art. 9 para. 3, GDPR;
  11. for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in clause (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
  12. to assert, exercise or defend legal claims;

5.     Right to information

If you have exercised your right to have the data controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. It is your right to have the data controller inform you regarding such recipients.

6.     Right to data portability

  1. You have the right to obtain your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, insofar as
  2. the processing is based on consent pursuant to Art. 6 Para. 1 lit. a) of the GDPR or Art. 9 para. 2 lit. a) of the GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
  3. the processing is carried out using automated methods.
    1. In exercising this right, you shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
    2. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
    3. In order to exercise the right to data portability, the data subject may at any time contact the controller.

7.     Right of objection

  1. You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 para. 1 lit. e) or lit. f) of the GDPR; the same applies to profiling based on these provisions. 
  2. The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
  3. If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
  4. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
  5. In order to exercise the right to object, the data subject may contact the controller directly. 

8.     The right to revoke the declaration of consent pursuant to data protection rights

You have the right at any time to revoke your data protection declaration of consent. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal. You can contact the data controller for this.

9.     Automated decision in individual cases, including profiling

  1. You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This shall not apply if the decision: 
  2. is necessary for entering into, or performance of, a contract between the you and a data controller;
  3. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  4. is based on your explicit consent.
    1. However, these decisions may not be based on special categories of personal data pursuant to Art. 9, Para. 1 of the GDPR, unless Art. 9 para. 2 lit. a) or g) of the GDPR and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.
    2. In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state his or her own position and to challenge the decision.
    3. If the data subject wishes to exercise their rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the company.

10.  The right to file a legal complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR. The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.

§ 11 Changes to the privacy policy

We reserve the right to change our privacy practices and this policy to adapt it to changes in relevant laws and/or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here. Please note the current version date of the privacy policy.
Google Analytics
  1. On our website we use the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA)to analyse our users' online behaviour. The software sets a cookie on your computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:
    1. Two bytes of the IP address of the user's accessing system
    2. The called up web page
    3. Entry pages, exit pages,
    4. The time spent on the website and the abort rate
    5. The frequency with which the website is accessed
    6. Country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
    7. Search engines and keywords used

The information generated by the cookie about the use of this website by the user is generally transmitted to and stored in a Google server in the USA. 

This website uses Google Analytics with the extension "_anonymizeIp()". The software is set in such a way that the IP addresses are not stored completely, but only in a shortened form. In this way it is no longer possible to assign the shortened IP address to the calling computer. The full IP address will be sent to a Google server in the USA and abbreviated there only in exceptional cases. The IP address sent by your browser for the purposes of Google Analytics is not combined with any other Google data.

  1. The legal basis for processing personal data is your consent under Art. 6 para. 1 S. 1 lit. f) GDPR. Google has submitted to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework  , for exceptional cases in which personal data is transferred to the USA. 
  2. On our behalf Google will use this information to evaluate your use of the website and to compile reports on website activity. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 lit. f) GDPR. By anonymising the IP address, users' interest in protecting their personal data is sufficiently taken into account.
  3. The set cookies are stored on your device and transmitted to our site. If you do not agree with the collection and evaluation of usage data, you can prevent this by setting your browser software accordingly by deactivating or restricting the use of cookies. Cookies that have already been saved can be deleted at any time. However, in this case you may not be able to use all functions of this website in full.

Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) and the processing of the data by Google by downloading and installing the browser plugin available under the following link: The current link is:"http://tools.google.com/dlpage/gaoptout?hl=de.“

  1. Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 is the third-party provider. Further information can be found in the user conditions under http://www.google.com/analytics/terms/de.html, in the data protection overview under http://www.google.com/intl/de/analytics/learn/privacy.htmland in the privacy policy under http://www.google.de/intl/de/policies/privacy


Google Analytics

„This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area.
Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.
On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider.
Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.
Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Further information can be found under https://www.google.com/analytics/terms/gb.html (Google Analytics Terms of Service & Privacy).
Please note that on this website, Google Analytics code is supplemented by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so called IP-masking).“


Matomo

This website uses MATOMO, an open source software for statistical analysis of visitor access. MATOMO uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. This gives us the opportunity to optimize the websites for you and make them more visitor-friendly. The information generated by the cookie about your use of this Internet offer is stored on a local server of the provider in Germany. The IP address is made anonymous immediately after processing and before it is stored. The evaluations generated with MATOMO are completely anonymous and cannot be used to identify individual persons. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.