PRIVACY POLICY
All personal data is treated confidentially. Our data protection practices comply with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below, we provide you with details regarding data protection:
Data controller within the meaning of the GDPR and the BDSG:
GARANT Holding GmbH
Hauptstr. 143, 33378 Rheda-Wiedenbrück
Tel.: 05242/ 409-0
Fax: 05242/ 409-399
Email: info@garant-gruppe.de
Data Protection Officer
The data protection officer for the data controller is:
GDI Gesellschaft für Datenschutz- und Informationssicherheit mbH,
Olaf Tenti, M.Sc. in Computer Science
Körnerstraße 45, 58095 Hagen
Tel. 02331/ 3568320
Fax: 02331/ 356832
Email: datenschutz@garant-gruppe.de
1. REASONS FOR DATA PROCESSING
We collect and process your data to provide our website and to offer you the best possible service by giving you convenient access to our services.
2. WHAT DATA IS COLLECTED, PROCESSED, OR USED?
2.1 VISITING OUR WEBSITE
When you access our website, our servers automatically collect general information, primarily for the purposes of establishing a connection, ensuring functionality, and maintaining system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (referrer URL), the pages you visit on our site, as well as the date and duration of your visit. Due to pseudonymization, we cannot use this data to identify specific individuals. This data is not combined with other data sources.
2.2 CONTACT FORM
If you contact us via the contact form, you must provide your name, email address, and your message to us. The data is stored for the purpose of processing your inquiry. We do not share this data without your consent. We delete the data collected in this context once storage is no longer necessary, or restrict its processing if statutory retention obligations apply. The legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR when it involves contacting you in connection with the conclusion of a contract. In all other cases, it is in our legitimate interest to respond to your inquiries; therefore, in such cases, the legal basis is Article 6(1)(f) of the GDPR.
3. COOKIES AND OTHER TECHNOLOGIES
Cookies are used to make the website experience more appealing and to accommodate visitors’ preferences. For example, this allows us to save your language selection. Cookies are text files stored on your hard drive to enable the browser to be recognized when you revisit the website. Certain cookies are technically necessary for the proper operation of our site, while other cookies enable specific functions or make our offerings more appealing to you. For cookies that are not technically necessary, we ask for your consent via our Cookie Consent Tool when you visit our site; you may revoke this consent at any time with future effect. Further information about the types of cookies and web services we use can be found in this Privacy Policy as well as in our Cookie Consent Tool, which you can access at any time via the footer. You can also prevent cookies from being stored on your hard drive by adjusting your browser settings accordingly. Cookies that have already been set can be deleted at any time. Please refer to your browser’s instructions for information on how to delete cookies or prevent them from being stored. If you do not accept cookies, this may impair your ability to use our website.
Description of the cookies used on our website:
1. Essential Cookies (technically necessary cookies)
These cookies are necessary to enable the basic functions of this site, such as providing a secure login or saving your order progress.
The legal basis for processing cookies is Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring the website functions properly from a technical standpoint.
2. Statistical Cookies
These cookies allow us to analyze your use of the site in order to evaluate and improve our services. They may also be used to enhance the customer experience on this site. For example: providing information on how our site is used.
The legal basis for processing cookies is Article 6(1)(a) of the GDPR, provided that you have given your consent upon entering the site. You may revoke this consent at any time with future effect by sending an email to the contact address listed above or by deleting the cookies in your browser.
3. External Media
These cookies/web services are used to integrate and present external content to website visitors. Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.
The legal basis for processing cookies is Article 6(1)(a) of the GDPR, provided that you have given your consent upon entering the site. You may revoke this consent at any time with future effect by sending an email to the contact address listed above or by deleting the cookies in your browser.
Privacy Settings
3.1 SPECIFIC WEB SERVICES
Below, we list the specific web services we use on this website. You can view a description of each service, see which companies process the data, and learn about the purposes and legal bases for data processing before you grant us your consent. If you do not grant us your consent, we will only use technically necessary cookies and services for which we do not require your consent.
3.1.1 GOOGLE ANALYTICS
Description of the Service
This website uses Google Analytics, a web analytics service provided by Google Inc. (www.google.de). Google Analytics uses so-called “cookies,” which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the United States and stored there (please note our information regarding data transfer to an unsafe third country below). However, if IP anonymization is enabled on this website, your IP address will be truncated by Google beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. IP anonymization is enabled on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google.
Processing Companies
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
Technologies Used
Pixel Tags
Cookies
Data Collected
This list contains all (personal) data collected by or through the use of this service.
IP address
Usage Data
Click path
App Updates
Browser information
Device Information
JavaScript Support
Pages Visited
Referrer URL
Downloads
Flash Version
Location Information
Purchasing activity
Widget Interactions
Date and time of visit
Legal Basis
- Art. 6(1)(a) GDPR (processing of the data categories listed here based on your consent)
- Art. 46(2)(b) GDPR (Transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
- Art. 49(1)(a) GDPR (Transfer of the data categories listed here to the United States of America based on your consent)
Place of Processing
European Union
Retention Period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data is deleted as soon as it is no longer needed for the processing purposes.
Data Recipients:
Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, United States of America (third country)
Transfer to third countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for monitoring and surveillance purposes, without you having legal remedies comparable to those under the European and national legal systems to challenge such processing.
If you consent to our use of this service, you also consent to the transfer of the data listed here to the United States. You may revoke this consent at any time by notifying us, effective for the future.
In addition, we have entered into Standard Data Protection Clauses with the service provider and the processing companies, as well as a supplement to the EU Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=en
Click here to opt out across all domains of the data processor: https://safety.google/privacy/privacy-controls/
Click here to read the data processor’s cookie policy https://policies.google.com/technologies/cookies?hl=en
3.1.2 GOOGLE MAPS
Description of the Service
This website uses Google Analytics, a web analytics service provided by Google Inc. (www.google.de). Google Analytics uses so-called “cookies,” which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the United States and stored there (please note our information regarding data transfer to an unsafe third country below). However, if IP anonymization is enabled on this website, your IP address will be truncated by Google beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. IP anonymization is enabled on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google.
Processing Companies
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
View Maps
Technologies Used
Cookies
Data Collected
This list contains all (personal) data collected by or through the use of this service.
IP address
Location Information
Usage data
Date and time of visit
URLs
Legal Basis:
- Art. 6(1)(a) GDPR (processing of the data categories listed here based on your consent)
- Art. 46(2)(b) GDPR (Transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
- Art. 49(1)(a) GDPR (Transfer of the data categories listed here to the United States of America based on your consent)
Place of Processing
European Union
Retention Period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Data Recipient
Google Ireland Limited
Google LLC (United States of America)
Alphabet Inc. (United States of America)
Data Protection Officer of the processing company
Below you will find the email address of the data protection officer of the data controller.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Transfer to third countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for monitoring and surveillance purposes, without you having legal remedies comparable to those under European and national legal systems to challenge such processing.
If you consent to our use of this service, you also consent to the transfer of the data listed here to the United States. You may revoke this consent at any time by notifying us, effective for the future.
In addition, we have entered into Standard Data Protection Clauses with the service provider and the processing companies, as well as a supplement to the EU Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=en
Click here to opt out across all domains of the data processor: https://safety.google/privacy/privacy-controls/
Click here to read the data processor’s cookie policy https://policies.google.com/technologies/cookies?hl=en
3.1.3 YOUTUBE VIDEOS
Description of the Service
We have embedded YouTube videos in our online offering that are stored on https://www.YouTube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode,” which means that no data about you as a user is transmitted to YouTube unless you play the videos. Only when you play the videos is the data listed below transmitted. We have no control over this data transmission.
Data Processors
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
Viewing and playing videos
Technologies Used
API (since we use YouTube in “enhanced privacy mode,” no cookies are set.)
Data Collected
This list contains all (personal) data collected from or through the use of this service.
IP address
Device Information
Videos you’ve watched
Date and time of visit
Referrer URL
Legal Basis:
- Art. 6(1)(a) GDPR (processing of the data categories listed here based on your consent)
- Art. 46(2)(b) GDPR (Transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
- Art. 49(1)(a) GDPR (Transfer of the data categories listed here to the United States of America based on your consent)
Place of Processing
European Union
Retention Period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Data Recipients
Google Ireland Limited
Google LLC (United States of America)
Alphabet Inc. (United States of America)
Data Protection Officer of the processing company
Below you will find the email address of the data protection officer of the data controller.
https://support.google.com/policies/contact/general_privacy_form
Transfer to third countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for control and surveillance purposes, without you having legal remedies comparable to those under European and national legal systems to challenge such processing.
If you consent to our use of this service, you also consent to the transfer of the data listed here to the United States. You may revoke this consent at any time by notifying us, effective for the future.
In addition, we have entered into Standard Data Protection Clauses with the service provider and the processing companies, as well as a supplement to the EU Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=en
Click here to opt out across all domains of the data processor: https://safety.google/privacy/privacy-controls/
Click here to read the data processor’s cookie policy https://policies.google.com/technologies/cookies?hl=en
3.1.4 Adobe Typekit (Adobe Fonts)
Description of the Service
To ensure consistent font display, we use so-called web fonts provided by Adobe. Adobe Fonts is a service that provides access to a font library for use in desktop applications and websites. When you visit a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly. To do this, the browser you are using must connect to Adobe’s servers. As a result, Adobe becomes aware that our website has been accessed via your IP address. Adobe Typekit fonts are used to ensure a consistent and appealing presentation of our online content
Processing Companies
The provider of these services is
Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
Provision of Adobe Fonts
Technologies Used
-
Data Collected
This list contains all (personal) data collected from or through the use of this service.
IP address
Fonts Provided
Web project ID
JavaScript version of the web project (string)
Web project type (string “configurable” or “dynamic”)
Embedding type (whether you are using the JavaScript or CSS embedding code)
Account ID (identifies the customer associated with the web project)
Service that provides the fonts (e.g., Adobe Fonts)
Server providing the fonts (e.g., Adobe Fonts server or corporate CDN)
Hostname of the page where the fonts are loaded
The time it takes for the web browser to download the fonts
The time from when the web browser downloads the fonts until the fonts are applied
Whether an ad blocker is installed, to determine if the ad blocker is interfering with the accurate tracking of page views
Operating system and browser version
Legal Basis
- Art. 6(1)(f) GDPR (processing of the data categories listed here based on our overriding legitimate interest)
- Art. 46(2)(b) of the GDPR (transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
Place of Processing
European Union
Retention Period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes.
Data Recipients
Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110-2704, USA
Transfer to third countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (the United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for control and surveillance purposes, without you having legal remedies comparable to those under the European and national legal systems to challenge such processing.
We have therefore entered into Standard Data Protection Clauses with the data processors, as well as a supplement to the European Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
Click here to read the data processor’s privacy policy: https://www.adobe.com/de/privacy/policies/adobe-fonts.html
3.1.5 PROVENEXPERT WIDGET
Description of the Service
We use “Proven Expert” on our website. We use Proven Expert to display customer reviews on our website. As a customer, this gives you the opportunity to rate our services on our website. When you submit a review, Proven Expert collects and stores your email address, as well as technical data—including your IP address and information about the web browser you are using—in an associated log file. In addition, Proven Expert also stores any other voluntary information you provide. We use Proven Expert to offer you the opportunity to rate our services on our website. At the same time, the use of Proven Expert serves quality assurance and optimization purposes. To ensure the authenticity of a review and to prevent misuse of the review system—such as through spam or multiple reviews by the same user—the processing and storage of the aforementioned data by Proven Expert is necessary. The use of Proven Expert therefore serves to safeguard the security and integrity of our IT systems. This also constitutes our legitimate interest in processing the aforementioned information.
Processing Company
Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
Displaying and Enabling Reviews
Technologies Used
Cookies
Data Collected
This list contains all (personal) data collected by or through the use of this service.
IP Address
Device Information
Videos you’ve watched
Date and time of visit
Referrer URL
Legal Basis:
- Art. 6(1)(f) of the GDPR (processing of the data categories listed here based on our overriding legitimate interests)
Place of processing
European Union
Retention period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data will be deleted as soon as it is no longer needed for the processing purposes. This is the case when your review is deleted. The data will not be deleted if further processing and storage of your personal data is necessary in individual cases to assert, exercise, or defend legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is Article 6(1)(f) of the GDPR. Data will also not be deleted if we are required by law to continue storing your personal data.
Data Recipients
Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany
For more information from the third-party provider regarding data protection, please visit the following Proven Expert website
https://www.provenexpert.com/de-de/datenschutzbestimmungen/.
3.1.6 ADDTHIS BOOKMARKING
AddThis Bookmarking
Our websites also contain AddThis plug-ins. These plug-ins allow you to bookmark pages or share interesting content with other users. Through these plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our services and make them more interesting for you as a user.
Through these plug-ins, your web browser establishes a direct connection to the AddThis servers and, if applicable, to the selected social network or bookmarking service. The recipients receive the information that you have visited the corresponding website of our online service, along with the IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, the amount of data transferred in each case, the website from which the request originates, the browser, the operating system and its user interface, the language, and the version of the browser software. This information is processed on AddThis’s servers in the United States. If you share content from our website on social networks or bookmarking services, a link may be established between your visit to our website and your user profile on the respective network. We have no influence over the data collected or the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, or the retention periods. We also have no information regarding the deletion of the collected data by the plug-in provider.
The plug-in provider stores this data as usage profiles and uses it for advertising, market research, and/or to tailor its website to user needs. Such analysis is carried out in particular (even for users who are not logged in) to deliver targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider.
Technologies Used
Plugin
Legal Basis:
- Art. 6(1)(a) GDPR (processing of the data categories listed here based on your consent)
- Art. 46(2)(b) GDPR (Transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
- Article 49(1)(a) of the GDPR (transfer of the data categories listed here to the United States of America based on your consent)
Transfer to Third Countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (the United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for control and surveillance purposes, without you having legal remedies comparable to those under the European and national legal systems to challenge such processing.
If you consent to our use of this service, you also consent to the transfer of the data listed here to the United States. You may revoke this consent at any time with future effect.
In addition, we have entered into Standard Data Protection Clauses with the service provider and the processing companies, as well as a supplement to the EU Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
For more information on the purpose and scope of data collection and processing by the plug-in provider, as well as further information on your rights in this regard and settings options to protect your privacy, please contact:
AddThis LLC, 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA, www.addthis.com/privacy.
3.1.7 GOOGLE TAG MANAGER
Google Tag Manager
This is a tag management system for managing JavaScript and HTML code snippets that can be used to implement tracking, analytics, personalization, and marketing performance tags and tools
Company processing the data
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purposes of Data Processing
This list outlines the purposes of data collection and processing. Consent applies only to the specified purposes. The collected data may not be used or stored for any purpose other than those listed below.
Functionality
Technologies Used
Pixel
DataCollected
This list contains all (personal) data collected by or through the use of this service.
Aggregated data for triggering tags
Legal Basis:
- Art. 6(1)(f) GDPR (processing of the data categories listed here based on our overriding legitimate interests)
- Art. 46(2)(b) GDPR (transfer of the data categories listed here to the United States of America based on the EU Commission’s Standard Data Protection Clauses)
Place of processing
European Union
Retention Period
The retention period is the length of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data is deleted as soon as it is no longer needed for the processing purposes.
Data Recipients:
Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, United States of America (third country)
Transfer to third countries:
ATTENTION. This service may transfer the collected data to a third country as defined by the GDPR (United States of America). Please note that this is a country that currently does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities (security agencies, intelligence services) for monitoring and surveillance purposes, without you having legal remedies comparable to those under European and national legal systems to challenge such processing.
If you consent to our use of this service, you also consent to the transfer of the data listed here to the United States. You may revoke this consent at any time by notifying us, effective for the future.
In addition, we have entered into Standard Data Protection Clauses with the service provider and the processing companies, as well as a supplement to the EU Commission’s Standard Data Protection Clauses, to ensure an adequate level of protection for your data in connection with the transfer of data to the United States of America. In this way, we ensure that a level of protection comparable to European data protection standards can be guaranteed.
Click here to read the data processor’s privacy policy: https://policies.google.com/privacy?hl=en
Click here to opt out across all domains of the data processor: https://safety.google/privacy/privacy-controls/
Click here to read the data processor’s cookie policy https://policies.google.com/technologies/cookies?hl=en
4. DELETION
Personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies or you request its deletion. Data will also be deleted when a retention period prescribed by the aforementioned regulation expires, unless further storage of the data is necessary for the conclusion or performance of a contract, or you have given your consent in this regard.
5. DATA SECURITY
We protect our website and other systems against the loss, destruction, unauthorized access, alteration, or disclosure of your data by unauthorized persons through technical and organizational measures. Depending on the browser used, data is transmitted using SSL encryption ranging from 128-bit to 256-bit. Despite regular checks and continuous improvement of our security measures, complete protection against all risks is not possible.
6. USE OF OUR BLOG FEATURE
On our blog, where we publish various posts on topics related to our activities, you can post public comments. Your comment will be published alongside the post under the username you provide. We recommend using a pseudonym instead of your real name. Providing a username and email address is required; all other information is voluntary. When you post a comment, we also store your IP address, which we delete after one week. We need to store this information to defend ourselves against liability claims in the event of the publication of unlawful content. We need your email address to contact you if a third party reports your comment as unlawful. The legal basis for this is Article 6(1)(b) and (f) of the GDPR. Comments are not reviewed prior to publication. We reserve the right to delete comments if they are reported as unlawful by third parties.
9. FACEBOOK FAN PAGE/FACEBOOK PRESENCE
Our presence on social networks and platforms, such as Facebook, serves to facilitate active and up-to-date communication with our customers and prospective customers. There, we provide information about our services, products, and interesting special promotions related to our company. When you visit our social media profiles, your data may be automatically collected and stored for market research and advertising purposes. Using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to display advertisements both within and outside the platforms that are presumed to match your interests. Cookies are generally used on your device for this purpose. The function of cookies is explained in our Privacy Policy; please refer to the relevant information there. These cookies store visitor behavior and user interests. The legal basis for this processing is Article 6(1)(a) of the EU GDPR. There is currently no adequacy decision by the European Commission for the United States. However, we have entered into standard data protection clauses with Facebook, which are intended to ensure that your personal data is handled in a manner comparable to European and German data protection standards.
The legal basis for data transfers to the U.S. when you visit our Facebook fan page is therefore Article 46(2)(c) of the GDPR (Standard Data Protection Clauses).
For detailed information on how the providers process and use data on their sites, as well as contact information, your rights in this regard, and privacy settings—particularly your right to object (so-called “opt-out”)—please refer to the providers’ privacy policies linked below:
Facebook: https://www.facebook.com/about/privacy/
You can find the opt-out option as follows:
Facebook: https://www.facebook.com/settings?tab=ads
If you have any further questions regarding this, you can also contact us (contact information is provided above).
Data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 of the GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum
10. RIGHTS OF THE DATA SUBJECT
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
10.1 Right of Access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you may request the following information from the controller:
- the purposes for which the personal data is processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
- the planned duration of storage of the personal data concerning you or, if specific details cannot be provided, the criteria for determining the storage period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- all available information regarding the origin of the data, if the personal data was not collected from the data subject;
10.2 Right to Rectification
You have the right to request that the controller rectify and/or complete your personal data if the processed personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.
10.3 Right to Restriction of Processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
- if you contest the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use;
- the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
- if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the controller’s legitimate grounds override your interests.
If the processing of your personal data has been restricted, such data—apart from its storage—may be processed only with your consent or for the purpose of asserting, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of a substantial public interest of the Union or a Member State.
If the restriction on processing has been imposed in accordance with the above conditions, the controller will notify you before the restriction is lifted.
10.4 Right to Erasure
- Obligation to Erase
You may request that the controller erase your personal data without delay, and the controller is obligated to erase such data without delay if any of the following grounds apply:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- The personal data concerning you has been processed unlawfully.
- The erasure of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you was collected in connection with information society services offered pursuant to Article 8(1) of the GDPR.
- Disclosure to Third Parties
If the controller has made your personal data public and is obligated to erase it pursuant to Article 17(1) of the GDPR, it shall take appropriate measures, including technical measures, taking into account available technology and the cost of implementation, to inform the controllers who process the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replicas of such personal data.
- Exceptions
The right to erasure does not apply if the processing is necessary
- to exercise the right to freedom of expression and information;
- to comply with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
- to assert, exercise, or defend legal claims.
10.5 Right to Information
If you have exercised your right to rectification, erasure, or restriction of processing with the controller, the controller is obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
10.6 Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, provided this is technically feasible. This must not infringe upon the freedoms and rights of others.
10.7 Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services—notwithstanding Directive 2002/58/EC—you have the option to exercise your right to object through automated means using technical specifications.
10.8. Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of the processing carried out on the basis of your consent up until the time of withdrawal.
10.9 Automated Decision-Making in Individual Cases, Including Profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is authorized by Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
10.10 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.