Telefonische Reservierung: +49 2104 778 - 0
Arrival
09.04.2018
Depature
10.04.2018
Rooms
1
Adults
2
» Book now

Data protection declaration

§ 1 THE RESPONSIBLE MANAGER AND THE DATA PROTECTION OFFICER

(1) Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Dipl.-Ing. Dirk Reucher Gut Höhne e. K.
Düsseldorfer Str. 253
40822 Mettmann
02104/7780
info@guthoehne.de
www.guthoehne.de

(2) The data protection officer of the person responsible is:
Dieter Grohmann
Akwiso data protection and audit
Beethovenstrasse 23
87435 Kempten, Germany
info@akwiso.de
www.akwiso.de

§ 2 DEFINITIONS

(1) The data protection declaration is based on the terms used by the European regulator when the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) was adopted. The data protection declaration should be easy to read and understand. To ensure this, the most important terms are explained below:

(2) Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

(3) The person concerned is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

(4) Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, the use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

(5) Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to assess aspects relating to work performance, economic situation, To analyze or predict the health, personal preferences, interests, reliability, behavior, whereabouts or change of location of this natural person.

(6) Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data are not assigned to an identified or identifiable natural person.

(7) The person responsible or the person responsible for processing is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

(8) Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

(9) The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

(10) A third party is a natural or legal person, authority, institution or other body apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

(11) Consent is any voluntary declaration of intent given by the data subject in an informed manner and unambiguously in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they are processing the data concerning them consent to personal data.

§ 3 PROVISION OF THE WEBSITE AND CREATION OF LOGFILES

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the calling computer every time the website is accessed:

The user’s IP address
Information about the browser type and the version used
The user’s operating system
The user’s internet service provider
Date and time of access
Websites from which the user’s system accessed the website
Websites that are accessed by the user’s system via our website
Content of the calls (specific pages)
Amount of data transferred in each case
Search engines used
Names of downloaded files
The data is stored in the log files of our server. This data is not stored together with other personal data of the user.
When using this general data, we do not draw any conclusions about the person concerned. The data is only evaluated statistically.

(2) The legal basis for the temporary storage of log files is Art. 6 Para. 1 S. lit. f) GDPR.

(3) The temporary storage of the data by the system is necessary in order to

enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be saved for the duration of the session.
to optimize the content of our website and the advertising for it
to ensure the functionality of our information technology systems and the technology of our website
To provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.
Our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 S. 1 lit. f) GDPR.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose – in this case at the end of the usage process.
If the data is stored in log files, this is the case after 7 days at the latest. Storage beyond this is possible. In this case, the IP addresses are deleted or anonymized so that they can no longer be assigned to the calling client.

(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.

§ 4 USE OF COOKIES

(1) This website uses so-called cookies. Cookies are small text files that, as soon as you visit a website, are sent from a web server to your browser and stored locally on your device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and the user (i.e. us) send certain information. Cookies do not damage your computer and do not contain viruses. Each cookie contains a characteristic string of characters (so-called cookie ID), which enables the browser to be clearly identified when the website is called up again.

(2) We use cookies to make our website more user-friendly and to comply with legal requirements. For this we use, among other things Cookies

to make it easier for you to fill out forms
to make our multimedia content accessible to you.
For saving language settings
For the cookie banner
For the form function (Ninja Forms, see https://ninjaforms.com/privacy-policy/)
Some elements of our website require that the calling browser can also be identified after changing pages.

(3) We also use cookies on our website,

which enable an analysis of your surfing behavior
for the integration of user-oriented advertisements and for market research purposes
for the user-friendly use of our website by integrating third-party cookies (YouTube, Customer Alliance).
(4) When you visit our website, you will be informed about the use of cookies and consent to the processing of the personal data used in this context will be obtained. In this context, there is also a reference to this data protection declaration.

(5) The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 S. 1 lit. f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes, for advertising purposes, for third-party providers, if consent has been given, is Art. 6 Para. 1 lit. a) GDPR.

(6) The purpose of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after changing pages. Cookies are used in particular to make the website more customer-friendly and safer, in particular to collect usage-related information, such as the frequency of use and the number of users of the pages and the behavior of the page usage. The user data collected by technically necessary cookies are not used to create user profiles.
The purpose of using technically unnecessary cookies is to improve the quality of our website and its content. The analysis cookies tell us how the website is used and so we can continuously optimize our offer. The advertising cookies allow us to incorporate advertising according to your interests or to display them to you. The third-party cookies allow you to recognize our fonts in the correct form. This information may serve Also, if you visit the website again with the same device, we will automatically recognize you and make navigation easier for you.

(7) Permanent cookies are also saved when the browser session is ended and can be called up again when you visit the website again. The cookies are stored on your computer and transmitted from there to our website. You therefore have full control over the use of cookies. If you do not want data to be collected via cookies, you can set your browser via the menu under “Settings” so that you are informed about the setting of cookies or that you can generally exclude the setting of cookies or delete cookies individually. It should be noted, however, that deactivating cookies may restrict the functionality of this website. As far as session cookies are concerned, they will be automatically deleted after leaving the website.

§ 5 CONTACT FORM AND E-MAILS

(1) A contact form is available on our website that can be used to contact us electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. These data are:

E-mail address
message
Surname
address
At the time the message is sent, the following data is also stored:

IP address of the user
Date and time of registration
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.

(2) You are welcome to contact us by email. In this case, the personal data transmitted with the email will be saved. Insofar as this concerns information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your request. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

(3) The legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR. The legal basis for the processing of the data that is transmitted in the course of sending an e-mail is Art. 6 Para. 1 S.1 lit. f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.

(4) The processing of the personal data from the input mask serves us only to process the contact. We will of course only use the data from your email inquiries for the purpose for which you made them available to us when contacting us. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest.

(5) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. If the aim of the email contact is to execute a contract, the data will be deleted after the statutory (commercial or tax law) storage periods required for this have expired.

(6) You can revoke your consent to the processing of the email and its content at any time. In such a case, the conversation cannot be continued. Please contact the person responsible in accordance with. § 1. However, this possibility of revocation only exists if the email contact does not serve to prepare or execute a contract.

§ 6 NEWSLETTER

(1) With your consent, you can subscribe to our free newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(2) The only mandatory information for sending the newsletter is your email address.
The data will be forwarded to our newsletter service (see below) l.

(3) We point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in § 3 [log files] and the web beacons with your e-mail address and an individual ID. The data is only collected in pseudonymised form, so the IDs are not linked to your other personal data, and direct personal reference is excluded. The legal basis for tracking is Art. 6 Para. 1 S. 1 lit. f) GDPR. These data will not be passed on to third parties. You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information is stored as long as you have subscribed to the newsletter. After you unsubscribe, we save the data purely statistically and anonymously.

(4) We use the CleverReach service of the provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. For this purpose, the previously described logged data (IP address, registration / confirmation time) and the data entered are stored on Clever Reach servers in Germany or Ireland. The data is only collected in pseudonymised form, so the IDs are not linked to your other personal data, and direct personal reference is excluded. The use of Clever Reach enables us to analyze the behavior of newsletter recipients. Here u. a. It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking it can also be analyzed whether a previously defined action (e.g. purchase of a product on our website) has taken place after clicking the link in the newsletter. This in turn serves to get to know the reading habits of the users and to adapt the content accordingly; however, it is not intended to observe individual users. This is also our legitimate interest. Further information on data analysis by the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktion/reporting-und-tracking/. The data processing with regard to the analysis takes place on the basis of our legitimate interests (Art. 6 Para. 1 lit. f) GDPR). If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe and will be deleted from our servers as well as from the CleverReach servers after you unsubscribe. This does not affect data that we have stored for other purposes (e.g. email addresses for the members’ area). For more information, see the CleverReach privacy policy at: https://www.cleverreach.com/de/datenschutz/. We have concluded an order data processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

(5) The information is stored as long as you have subscribed to the newsletter.

(6) The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 Para. 1 S. 1 lit. a) GDPR. The use of the dispatch service provider CleverReach, implementation of statistical surveys and analyzes as well as logging of the registration process, are based on our legitimate interests in accordance with. Art. 6 para. 1 sentence 1 lit. f) GDPR.

(7) The collection of the user’s email address is used to deliver the newsletter. The collection of other personal data (IP address, time of registration / confirmation) as part of the registration process serves to prevent misuse of the services or the email address used.

(8) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your email address and other personal data will therefore be stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process (IP address, time of registration / confirmation) are usually deleted after a period of seven days.

(9) You can cancel the receipt of our newsletters at any time and thus revoke your consent by clicking on the “Unsubscribe newsletter” field in our newsletter linker or by sending us an email to info@guthoehne.de or a message to send the contact details given in the legal notice. This also enables you to revoke your consent to the storage of the personal data collected during the registration process (IP address, time of registration / confirmation). When you revoke the newsletter, we simultaneously delete your data in CleverReach and the statistical analyzes. A separate revocation of the dispatch by CleverReach or the statistical evaluation is unfortunately not possible.

§ 7 INQUIRIES ABOUT TABLE RESERVATION, EVENTS, MEETINGS

(1) In addition to the contact form, we offer you the option of making table reservations or inquiries about events or conferences via our website. The data is entered in an input mask and transmitted to us and stored. This data is generally not passed on to third parties unless there is a legal obligation to pass it on or the passing on is used for criminal or legal prosecution. The following data is collected:
a) Table reservations

E-mail address
Surname
Date / time
Number of people
Phone number
Optional: message
b) Event request

E-mail address
Surname
Art
Date / time
Number of people
message
company
address
phone
c) Conference request

E-mail address
Surname
company
address
phone
Period
Room size
Number of people
Seating
Optional: type and goal of the event, additional rooms, catering, technology, possible overnight stays
At the time the message is sent, the following data is also stored:

IP address of the user
Date and time of registration
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.

(2) The legal basis for the processing of the data is Art. 6 Para. 1 S. 1 lit. a) GDPR. If the request is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.

(3) The processing of the personal data from the input mask serves us only to process the request. The other personal data processed during the sending process serve to prevent misuse of the request form and to ensure the security of our information technology systems.

(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the request, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. If the request is aimed at the implementation of a contract, the data will be deleted after the statutory (commercial or tax law) storage periods required for this have expired.

(5) You have the option to withdraw your consent to the processing of the request and its content at any time. In such a case, the conversation cannot be continued. Please contact the person responsible in accordance with. § 1. However, this revocation option only exists if the request does not serve to prepare or execute a contract.

§ 8 HOTEL REVIEWS

(1) We offer you the opportunity to post a review about our accommodation after check-out. For this we use the offer of CA Customer Alliance GmbH, Ullsteinstr. 130, 12109 Berlin, which acts on our behalf. We have concluded an order processing contract with CA Customer Alliance GmbH for this purpose. If you leave a rating, the data will be saved by CA Customer Alliance GmbH and passed on to us. The data will also be published on our website for hotel reviews. Your rating will be published with the post with your specified username. If you want to do this anonymously, you can enter any pseudonym. The specification of a user name and email address is required, all further information is voluntary. If you leave a rating, we will also save your IP address.
Otherwise, the data will not be passed on to other third parties.

(2) The legal basis for the collection of data is Art. 6 Para. 1 S. 1 lit. f) GDPR. The purpose and our legitimate interest is to communicate the opinions of our guests so that interested parties can get their own picture of our services and to improve our offer. If you provide your name, this is done voluntarily in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR.

(3) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. We therefore delete the IP address and the email address after [two weeks]. The ratings remain permanently visible on the homepage.

(4) You can revoke the use of the voluntarily provided data at any time by contacting the person responsible in accordance with. § 1 send a short email. You also have the option to have the publication of your review deleted at any time. Simply send us your objection to our e-mail address mentioned in § 1 and let us know which evaluation it is about.

(5) You can find more information about CA Customer Alliance GmbH at www.customer-alliance.com/datenschutzbestektiven/.

§ 9 SSL ENCRYPTION

Our website uses SSL encryption in the case of the transmission of confidential or personal data. This encryption is used, for example, for payment transactions and for inquiries to us via this website. In order to ensure that this encryption is actually active, you must monitor this on your part. The status of the encryption can be seen in the browser line; in the case of encryption, this changes from “http: //” to https: //. In the case of encryption, your data cannot be read by third parties. If the encryption is not active, please contact us in confidence using another contact option.

§ 10 BOOKINGS

(1) You can book overnight stays on our website. We use the OnePageBooking booking system from HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, www.hotelnetsolutions.de. As part of the booking process, HotelNetSolutions receives the information that you have accessed the relevant booking mask on our website. In order to conclude a contract, it is necessary that you provide your personal data, which we need to process your booking. Mandatory information required for processing is marked separately, further information is voluntary. The data is entered in an input mask and transmitted to us and stored. The following data is collected when booking:

IP address
Date and time of the order
Surname
Address (possibly different delivery address)
E-mail address
Salutation
Payment Information
optional: company, telephone, fax
optional: travel data (number of people, period, extras)
The data is transmitted in encrypted form.

(2) The data will only be passed on to third parties if the transfer is necessary for the purpose of processing the contract or for billing purposes or to collect the fee or if you have given your express consent. In this regard, we only pass on the data required in each case. The data recipients are

Payment institutions for the purpose of collecting receivables, provided you have chosen direct debit as the method of payment
Payment service provider – depending on the choice of payment method, cf. § 11
HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, www.hotelnetsolutions.de
(3) You can voluntarily set up a customer account through which we can save your data for future purchases. When you create an account under “My Account”, the data you provide will be saved and revocable.

(4) The legal basis is Article 6 (1) sentence 1 lit. b) GDPR. With regard to the voluntary data, the legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR.

(5) The compulsory information collected is required to fulfill the contract with the user (for the purpose of confirming the content of the contract). We therefore use the data to answer your inquiries, to process your booking and for the purpose of technical administration of the website. The voluntary information is provided to prevent abuse and, if necessary, to investigate criminal offenses. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with information.

(6) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years after the contract has been executed. However, after xxx we restrict the processing, i. H. Your data will only be used to comply with legal obligations. With regard to the voluntarily provided data, we will delete the data at the end of xxx after the execution of the contract, provided that no further contract is concluded with the user during this time; in this case, the data will be deleted at the end of xxx after the last contract has been carried out.

(7) If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion. Otherwise, you are free to completely extract the personal data provided during registration from the database of the person responsible in accordance with. § 1 to be deleted. With regard to the voluntary data, you can withdraw your consent to the person responsible in accordance with. Explain § 1. In this case, the voluntary data will be deleted immediately.

(8) Further information on data protection at HotelNetSolutions GmbH can be found at www.hotelnetsolutions.de/datenschutz/.

§ 11 PAYMENT SERVICES

11.1 PayPal

(1) We have integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed through virtual private or business accounts. PayPal also offers the option of processing virtual payments using credit cards if you do not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

(2) If you select “PayPal” as the payment option in our online shop during the ordering process, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

(3) The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. Personal data related to the respective order is also required to process the purchase contract.

(4) The purpose of transmitting the data is to process payments and prevent fraud. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission.

(5) PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of the company.

(6) The data subject has the option at any time to revoke their consent to the handling of personal data by PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

(7) PayPal’s applicable data protection provisions can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

11.2 Sofortüberweisung

(1) We have integrated components of Sofortüberweisung on this website. Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. As a result, we immediately receive a payment confirmation and can deliver our goods immediately after ordering.

(2) The operator of Sofortüberweisung is Sofort GmbH, Theresienhöhe 12, 80339 Munich.

(3) If you select “Sofortüberweisung” as the payment option during the ordering process in our online shop, your data will be automatically transmitted to Sofort. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

(4) When processing the purchase using Sofortüberweisung, you transmit the PIN and TAN to Sofort GmbH. Sofort GmbH then executes us after a technical check. The execution of the financial transaction is automatically communicated to us.

(5) The personal data exchanged with Sofortüberweisung are first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. The purpose of transmitting the data is to process payments and prevent fraud. We will also transmit other personal data to Sofort GmbH if there is a legitimate interest in the transmission. The personal data exchanged between Sofort GmbH and us may be transmitted by them to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.

(6) Sofort GmbH may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data are to be processed on behalf of the company.

(7) You have the option of revoking your consent to the handling of personal data by Sofort GmbH at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

(8) The applicable data protection provisions of Sofortüberweisung can be found at https://www.sofort.de/datenschutz.html.

11.3 Credit Card

(1) We have integrated components for payment via credit card on this website, which enable cashless payment for products and services on the Internet.
The operating company is concardis GmbH, Helfmann-Park 7, 65760 Eschborn, www.concardis.com.

(2) If you select “credit card” as the payment option in our online shop during the ordering process, your data will be automatically transmitted to the credit card company. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

(3) When making a purchase with a credit card, you transmit your name, your credit card number, the check digit and the expiry date of the credit card to the credit card company, the processing takes place in encrypted form. The credit card company then carries out the payment to us after a technical check.

(4) The transmission of the data is only intended to process payments.

(5) Further information can be found at www.concardis.com.

§ 12 DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

12.1 Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence on the content of external links and are therefore not responsible for them, in particular we do not adopt their content as our own. If you are directed to an external page, the data protection declaration provided there applies. If you notice any illegal activities or content on this page, you are welcome to inform us. In this case, we will check the content and react accordingly (notice and take down procedure).

12.2 Rented server space

We point out that we use a rented server space from the provider HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, www.hotelnetsolutions.de. When you visit the website, the provider of the server space therefore receives various information. These are automatically saved by him in so-called server log files (see § 3), which your browser automatically transmits. More information about the data can be found in § 3.

12.3 Integration of YouTube videos

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You Tube LLC is a subsidiary of Google Inc. When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The following data is transmitted here:

Device-specific information, for example the hardware used; the version of the operating system; Unique device identifier and information about the cellular network including your telephone number
Log data in the form of server logs. These include details of how the services were used, such as search queries; IP address; Hardware settings; Browser type; Browser language; The date and time of your request; Original page; Cookies that can be used to uniquely identify your browser or your Google account
Location related information. Information about your actual location may be recorded by Google. This includes, for example, your IP address, your WLAN access points or cell towers
You can find more information about the data collected by Google, INC under the following link: https://policies.google.com/privacy?hl=de&gl=de.
This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account.
The legal basis for the processing of personal data is Article 6 Paragraph 1 S.1 lit. a) GDPR. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The integration of the videos serves to make the website clearer for the user and to increase the search engine ranking of the website on Google and to refer more specifically to our specially produced videos. YouTube stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. This is also our legitimate interest.
If you do not want the assignment to your profile on YouTube, you must log out before activating the button.
The duration of the storage depends on the storage periods on YouTube.
You have the right to object to the creation of these user profiles, whereby to exercise this you must contact YouTube or the person responsible, namely Google Ireland Ltd., Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in YouTube’s privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

§ 13 WEB ANALYSIS BY GOOGLE ANALYTICS

(1) We use the service of Google Inc. (Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website to analyze the surfing behavior of our users. The software sets a cookie on your computer (for cookies see § 4). If individual pages of our website are called up, the following data is stored:

Two bytes of the IP address of the calling system of the user
The accessed website
Entry pages, exit pages,
The time spent on the website and the dropout rate
The frequency with which the website is accessed
Country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
used search engines and used search terms
(2) The information generated by the cookie about the use of this website by the user is usually transmitted to a Google server in the USA and stored there.

(3) The legal basis for the processing of personal data is the consent of the user in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(4) Google will use this information on our behalf to evaluate your use of the website and to compile reports on website activity. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

(5) The data will be deleted as soon as they are no longer required for our recording purposes. In our case, this is the case after 24 months.

(6) The cookies used are stored on your computer and transmitted from there to our website. Cookies that have already been saved can be deleted at any time. This gives you the option of revoking your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install. The current link is: “http://tools.google.com/dlpage/gaoptout?hl=de.”

(7) Alternatively, you can object to the use of cookies on our site by ticking the box that lights up. In this case, a so-called “opt-out cookie” is installed on your computer, with the result that no more session data is collected. Opt-out cookies prevent the future collection of your data when you visit this website. In order to prevent the collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. If you visit our website with your mobile device, you can also object to its use here and deactivate Google Analytics by clicking on the following link: Deactivate Google Analytics. In this case, a cookie is set in your browser, which tells Google to stop tracking.

(8) The person responsible is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. You can find more information in the user conditions at http://www.google.com/analytics /terms/de.html, in the overview of data protection at http://www.google.com/intl/de/analytics/learn/privacy.html and in the data protection declaration at http://www.google.de/intl / de / policies / privacy.

§ 14 GOOGLE CONVERSION TRACKING

(1) We use the Google Conversion Tracking service on our website to evaluate Google AdWords. It is an analysis service provided by Google Inc. (Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyze the surfing behavior of our users. The software places a cookie on your computer (for information on cookies, see Section 4), a so-called “conversion cookie”. If individual pages of our website are called up, information is saved by Google. The information generated by the cookie about the use of this website by the user is usually transmitted to a Google server in the USA and stored there. If you visit certain pages of ours and the cookie has not yet expired, we and Google can recognize that the ad was clicked and you were redirected to our site.

(2) However, we do not receive any personal data ourselves.

(3) The information obtained using the conversion cookie is used to compile statistics for us. This tells us the number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. By evaluating the data obtained, we are able to compile information about the use of our advertisements.

(4) The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR. For cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(5) The cookie loses its validity after 30 days. Since we do not collect any data ourselves, we do not save it. As far as Google Inc. collects data, we have no influence on the deletion periods.

(6) The cookies used are stored on your computer and transmitted from there to our website. You have the option at any time to revoke your consent to the processing of personal data by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

(7) The third party provider is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information can be found in the terms of use at http://www.google.com /analytics/terms/de.html, in the overview of data protection at http://www.google.com/intl/de/analytics/learn/privacy.html and in the data protection declaration at http://www.google.de / intl / de / policies / privacy.

§ 15 FACEBOOK, CUSTOM AUDIENCES AND FACEBOOK MARKETING SERVICES (TRACKING PIXEL)

(1) Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”) is used.

(2) With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors to our online offer as a target group for the presentation of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to only display the Facebook ads placed by us to Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are based on the visited Websites) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”).

(3) The Facebook pixel is directly integrated by Facebook when you visit our website and can store a so-called cookie on your device, i.e. save a small file. If you then log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to us, so it does not provide us with any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, it will be encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of making a comparison with the data that is also encrypted by Facebook.

(4) Furthermore, when using the Facebook pixel, we use the additional function “extended comparison” (this involves data such as telephone numbers, email addresses or Facebook IDs of the users) to create target groups (“Custom Audiences” or “Look Alike Audiences” “) Transmitted to Facebook (encrypted). Further information on the “extended comparison”: https: //www.facebook.com/business/help/611774685654668.

(5) The legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

(6) Also on the basis of your consent, Art. 6 Para. 1 lit. a) GDPR) we use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine the recipients of our Facebook ads. We want to ensure that the ads are only shown to users who are interested in our information and services.

(7) The processing of the data by Facebook takes place within the framework of Facebook’s data usage guidelines. Accordingly, general information on the presentation of Facebook ads can be found in Facebook’s data usage guidelines: https://www.facebook.com/policy.php. Special information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

(8) You have the option of revoking your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. To set which types of advertisements are shown to you within Facebook, you can call up the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices such as desktop computers or mobile devices.

§ 16 GOOGLE DOUBLECLICK

(1) This website uses Google DoubleClick. This is a service for the integration of advertisements from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. DoubleClick transfers data to the DoubleClick server with every impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie (see on cookies, § 4). Your browser is assigned a pseudonymous identification number (ID) to check which advertisements have been shown in your browser and which advertisements have been viewed. The cookies enable Google and their partner websites, including us, to place advertisements based on previous visits to our or other websites. Each time one of our individual pages is called up, on which a DoubleClick component has been integrated, the internet browser is automatically prompted to transmit data to Google for the purpose of online advertising and billing of commissions.

(2) The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, if you have previously been shown a DoubleClick advertisement and you subsequently make a purchase on the advertiser’s website using the same Internet browser.

(3) The cookies do not collect any personal data. A DoubleClick cookie can, however, contain additional campaign IDs. A campaign identifier is used to identify the campaigns with which you have already been in contact.

(4) We have no influence on the data collected, nor do we know the full extent of the data collection and the duration of storage. Your data will be transferred to the USA and evaluated there. If you are logged in with your Google account, your data can possibly be assigned to this.

(5) The purpose of the cookie is to optimize and display advertising that may be of interest to you, in order to make our website more interesting for you and to be able to finance it. This also enables reports on advertising campaigns to be created or improved as well as multiple displays the same advertising can be avoided.

(6) The legal basis for processing your data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR. For cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(7) You can prevent the installation of Google DoubleClick cookies in various ways. This gives you the option of revoking your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent:
a) – By setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third-party providers; In this case, however, you may not be able to use all the functions of our website.
b) – By permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(8) The controller is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. For further information on the data protection conditions for advertising, please visit http://www.google .de / intl / de / policies / privacy.

§ 17 GOOGLE ADWORDS CONVERSION WITH REMARKETING

(1) This website uses Google Adwords. This is a service for the integration of advertisements from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

(2) Google AdWords enables an advertiser to define keywords by means of which an advertisement is only displayed in Google’s search engine results when the search engine retrieves a keyword-relevant search result. In the Google advertising network, the ads are distributed to topic-related websites using an automatic algorithm and taking into account the previously defined keywords.

(3) Google Adwords aims to promote our website by displaying interest-based advertising on third-party sites, in the results of the Google search engine and through third-party advertisements on our site. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. These advertising media are delivered by Google via so-called “ad servers”. To do this, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of advertisements or clicks by the user, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days. The analysis values ​​for this cookie are usually the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) saved.

(4) The cookies enable Google to recognize your internet browser (see also § 4). If a user visits certain pages of the website of an Adwords customer and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies cannot therefore be tracked via the websites of Adwords customers. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and save it. We ourselves do not collect or process any personal data in the aforementioned advertising measures.

(5) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the data collected, nor do we know the full extent of the data collection and the duration of storage. Your data will be transmitted to the USA and evaluated there. By integrating AdWords Conversion, Google receives the information that you are visiting the corresponding part of our website have accessed or clicked on an advertisement from us; Furthermore, both Google and we receive the information via the conversion cookie as to whether you generated sales if you reached our website via an AdWords ad.

(6) Remarketing: In addition to Adwords Conversion, we use the Google Remarketing application. This is a function that enables us to show advertisements to Internet users who have previously been on our website. This is intended to show you advertisements that are relevant to your interests. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. Every time you visit a website on which the Google Remarketing service has been integrated, the data subject’s browser automatically identifies itself with Google, so that Google can determine your previous visit to our website. As part of this technical process, Google gains knowledge of personal data, i.e. via your IP address or your surfing behavior. A merging of the data collected in the context of remarketing with your personal data, which may be stored by Google, does not take place by Google according to its own statements. However, this data is also transmitted to Google in the USA and stored there.

(7) The legal basis for the processing of the data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a) GDPR. For cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(8) You can prevent participation in this tracking process in various ways. This gives you the option of revoking your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent:
a) – by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third-party providers; In this case, however, you may not be able to use all the functions of our website.
b) – by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, whereby these Setting will be deleted if you delete your cookies;
c) – by deactivating the interest-based advertisements of the providers who are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
d) – by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(9) The controller is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. You can find more information on data protection at Google here: http://www.google.com / intl / de / policies / privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http: //www.networkadvertising.org.

§ 18 JOB OFFERS

(1) We offer job advertisements on our website.

(2) You can send us application documents by email or by post. As part of this, we process the information that we receive from you as well

E-mail address
Possibly. further information which is transmitted via the e-mail
(3) We do not conduct research about you on the Internet (so-called background checks).

(4) Your data will initially only be processed to carry out the application process. If your application is successful, the data will become part of the personnel file and can be used to implement and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against possible legal claims, in particular because of an alleged disadvantage in the application process. Insofar as you receive reimbursement of costs, the corresponding booking documents will be processed in order to meet the retention requirements under commercial and tax law. The legal basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR, insofar as the data processing serves to decide on the establishment of an employment relationship and as far as the data are then included in the employment relationship. If the storage serves to secure claims, the legal basis is Art. 6 Para. 1 lit. f) GDPR. A legitimate interest here is the receipt of evidence for a possible defense. We process information and documents (e.g. photos) that are not required for the aforementioned purposes on the basis of your implied consent in accordance with. Art. 6 para. 1 lit. a) GDPR, which you have given us by sending. Insofar as you receive reimbursements from us, the legal basis is Art. 6 Para. 1 lit. c) GDPR.

(5) We store the data required for the successful application and for the employment relationship until the end of the employment relationship and for a period of up to 3 years thereafter. We process the data relating to an application for which we had to decide to reject it for a period of 2 months after sending the rejection in order to safeguard our legitimate interests. If we are used in the context of a process, we will save the data until it is completed. This also applies to the voluntarily received data. Insofar as you receive reimbursement of costs, the corresponding accounting documents will be kept for the fulfillment of the commercial and tax retention obligations up to a maximum of March 31 of the eleventh calendar year after payment, in the case of commercial and business letters and other tax-relevant documents for the seventh calendar year after their creation.

(6) With regard to the voluntarily provided data, you have a right of revocation, which you can at any time vis-à-vis the person responsible in accordance with. § 1 can exercise.

§ 19 RIGHTS OF THE AFFECTED PERSON

If your personal data is processed, you are the person concerned within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible in accordance with. § 1 to:

Right to information
Right to rectification
Right to restriction of processing
Right to cancellation
Right to be informed
Right to data portability
Right to object to processing
Right to withdraw consent under data protection law
Right to withdraw consent under data protection law
Right not to apply an automated decision
Right to complain to a supervisory authority

19.1 Right to Information

(1) You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing is available, you can request information from the person responsible at any time free of charge about the personal data stored about you and about the following information:
a) the purposes for which the personal data are processed;
b) the categories of personal data that are processed;
c) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
d) the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
e) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
f) the right to lodge a complaint with a supervisory authority;
g) all available information about the origin of the data if the personal data are not collected from the data subject;
h) the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

(2) You have the right to request information about whether the personal data relating to you are being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with. Art. 46 GDPR to be informed in connection with the transfer.

19.2 Right to Correction

You have the right to immediate correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete.

19.3 Right to restriction of processing

(1) Under the following conditions, you can demand that the person responsible immediately restrict the processing of your personal data:
a) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
b) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
c) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
d) if you have lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

(2) If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of a important public interest of the Union or a Member State. Has the processing been restricted according to the above? Restricted requirements, you will be informed by the person responsible before the restriction is lifted.

19.4 Right to Erasure

(1) You can request the person responsible to delete your personal data immediately if one of the following reasons applies:
a) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
b) You revoke your consent on which the processing was based according to. Art. 6 para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
c) According to 21 para. 1 GDPR objection to the processing and there are no overriding legitimate reasons for the processing, or you object acc. Art. 21 para. 2 GDPR objection to the processing.
d) The personal data concerning you have been processed unlawfully.
e) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
f) The personal data relating to you was collected in relation to the information society services offered in accordance with Art. 8 Paragraph 1 GDPR.

(2) Has the person responsible made the personal data concerning you public and is acc. Art. 17 (1) GDPR is obliged to delete them, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you are the data subject Person have requested that you delete all links to this personal data or copies or replications of this personal data.

(3) The right to deletion does not exist if processing is necessary
a) to exercise the right to freedom of expression and information;
b) to fulfill a legal obligation required by the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible ;
c) for reasons of public interest in the area of ​​public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
e) for the establishment, exercise or defense of legal claims.

19.5 Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction / deletion / restriction of processing, unless this proves is impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.

19.6 Right to data portability

(1) You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person in charge without hindrance by the person in charge to whom the personal data was provided, provided that
a) the processing is based on consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract according to. Art. 6 para. 1 lit. b GDPR is based and
b) the processing is carried out using automated procedures.

(2) In exercising this right, you also have the right to have your personal data transmitted directly from one person responsible to another, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.

(3) The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the person responsible.
In order to assert the right to data portability, the data subject can contact the person responsible for processing at any time.

19.7 Right to Object

(1) You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data that is based on Art. 6 Para. 1 lit. e or f DSGVO takes place to object; this also applies to profiling based on these provisions.

(2) The person responsible no longer processes the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

(3) If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

(4) In connection with the use of information society services – regardless of Directive 2002/58 / EC – you have the option of exercising your right of objection by means of automated procedures in which technical specifications are used.

(5) To exercise the right to object, the data subject can contact the person responsible for processing directly.

19.8 Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation. You can contact the person responsible for this.

19.9 Right to automated decision-making in individual cases, including profiling

(1) You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on you or which significantly affects you in a similar manner. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the person responsible,
b) is permissible on the basis of Union or Member State legislation to which the controller is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
c) is made with your express consent.

(2) However, these decisions may not be based on special categories of personal data according to Art. 9 Paragraph 1 GDPR, unless Art. 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

(3) With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to explain the own point of view and to contest the decision heard.
(4) If the data subject wishes to assert rights with regard to automated decisions, they can contact the person responsible for processing at any time.

19.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

§ 20 CHANGES TO THE PRIVACY POLICY

We reserve the right to change our data protection practices and these provisions in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the data protection declaration.

Release:  March 18th 2020