These are the guidelines that we use for our websites:
We undertake to comply with the legal privacy provisions and strive to adhere to the principles of data reduction and data economy.
1. Name and address of the controller and data protection commissioner
The controller in the terms of the General Data Protection Regulation and other national data protection acts of the member states of the European Union and any other data protection provisions is:
Dr. Klaus Karg KG
Represented by Dr. Klaus Karg
Alte Rother Str. 10
Phone: 09122 6311- 0
Fax: 09122 6311 - 63
b) Data Protection Commissioner
The data protection commissioner of the controller is:
Eschenbacher IT-Consulting & Service
3. Lawfulness of processing personal data
a) Processing of personal data in accordance with GDPR
We will only process your personal data, such as your first name and surname, your e-mail address, your IP address etc., if there is a corresponding legal basis for it. This includes especially the following provisions of the General Data Protection Regulation:
- Article 6 paragraph 1 sentence 1 a of the GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Article 6 paragraph 1 sentence 1 b of the GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Article 6 paragraph 1 sentence 1 c of the GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
- Article 6 paragraph 1 sentence 1 d of the GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Article 6 paragraph 1 sentence 1 e of the GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Article 6 paragraph 1 sentence 1 f of the GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
b) Consent by the holder of parental responsibility in accordance with article 8, paragraph 1, sentence 2, alternative 2 of the GDPR
If any data processing in connection with this website would require consent of a minor that has not yet completed their 16th year of age, then a holder of parental responsibility has to consent instead.
You can revoke your consent at any time by sending an according notice of revocation in writing towards the provided contact data of the controller. Until such revocation, processing remains legal.
c) Processing of information in accordance with § 25, paragraph 1 of the TTDSG
We also process information according to § 25, paragraph 1, of the TTDSG, when we store new data or access existing data on your terminal equipment. These can be both personal or non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses or IMEI numbers. Terminal equipment stands for any setup linked directly or indirectly to the interface of a public telecommunications network, and is meant to send, process or receive data (see § 2, paragraph 2, number 6 of the TTDSG).
This data is normally only processed based on your consent (see § 25, paragraph 1 of the TTDSG).
In some cases, § 25, paragraph 2, numbers 1 and 2 of the TTDSG provide an exception, wherefore we do not require your consent. One such exception occurs, when we access or store information solely to send a message over a public telecommunications network, or when this is absolutely necessary to provide you with a telemedia service that you specifically requested. You can revoke your consent at any time.
Please be advised, that revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation.
4. Disclosure of personal data
The disclosure of personal data is a processing operation as described in the previous clause 3. We still wanted to inform you separately about the disclosure of data to third parties. The protection of your personal data is very important to us. That’s why we are especially careful when considering whether we should disclose your data to any third parties.
Such a disclosure to third parties can therefore only occur, when there is a legal basis for processing. For example, we will pass on personal data to individuals or companies that work for us as processors according to article 28 of the GDPR. Such a processor is anyone that we have instructed to process personal data, especially if there is a relationship of instruction and control.
As prescribed by the GDPR, we will always enter into a contract with each such processor, that requires them to adhere to data privacy regulations and to comprehensively protect your data.
5. Duration of storage and deletion
We will delete your personal data in the following cases: if they are no longer necessary for the purpose, for which they were collected or otherwise processed; if processing isn’t required for exercising the right of freedom of expression and information; if processing isn’t necessary to comply with a legal obligation; if processing isn’t in the public interest; or if processing isn’t required to enforce, exercise, or defend any legal claims.
6. SSL/TLS encryption
For security reasons and in order to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator, we use SSL/TLS encryption. You can detect encrypted connections because the address bar of the browser changes from “http://” to “https://” and there is a lock symbol before the URL.
With an activated SSL/TLS encryption, no third-party can read any data that you transfer to us.
a) Technically necessary cookies
We use technically necessary cookies to make the use of our offering more convenient for you. Among others these can be so-called session cookies (for settings of language and font, shopping basket etc.), consent cookies, or cookies for server stability and security. Legally these cookies are based on our legitimate interest to operate our website without problems and to provide you with optimised services (in accordance with article 6, paragraph 1, sentence 1 f of the GDPR).
b) Other cookies
Other cookies are used for the purposes of statistics, analysis, marketing and retargeting.
We use these cookies based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR.
Please be advised, that revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation.
8. Cookie banner
To ask you to consent to our used cookies, we rely on the cookie banner offered by the service provider CCM19. It will place a so-called consent cookie, to prompt and process the state of consent. This consent cookie is technically necessary, and is therefore used based on our legitimate interest (in accordance with article 6, paragraph 1, sentence 1 f of the GDPR, and § 25, paragraph 1 of the TTDSG).
9. Collection and storage of personal data and how and to what purpose we will use it
a) External hosting
Our website is hosted by Hetzner Online GmbH at the following address: Industriestraße 25, 91710 Gunzenhausen, Germany. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless a third-party service participates in the process. This can encompass your IP address, e-mail address, communications data or similar. Below we will explain what concrete personal data is being processed for each of the functions and services here presented. If we rely on the external services of a third-party, we will explicitly state this in the description of the service or tool in question.
The hoster will process your data only as instructed by us, and only as far as this is necessary to make the offerings of our website available to you. The hoster will not process your data for their own purposes. We have entered into a contract with the hoster, instructing them on how to process your data.
b) When you visit the website
When you access our website, the browser used on your device will automatically send certain information to our website server. This information will be temporarily stored in a so-called log file. The information that will be automatically collected and stored until the automatic deletion will be the following:
- IP address of the computer sending the request
- date and time of access
- name and URL of the requested file
- browser used and in some cases the operating system your computer uses and the name of your access provider
We will process these data for the following purposes:
- evaluation of the security and stability of our system
Any data that can be tracked back to you, such as the IP address, will be deleted after 7 days or earlier. If we store the data longer, then we will allocate pseudonyms so that tracking them to you is no longer possible.
Legally, the data processing is based on article 6 paragraph 1 sentence 1 f of the GDPR. Our legitimate interest stems from the above purposes for the collection of data. We will never use any data collected to try and track you as a person.
c) Contact e-mail
You can send us an e-mail using the e-mail address stated on our website. In this case we will store and process your e-mail address and the data you provide in your e-mail according to article 6 paragraph 1 sentence 1 b and f of the GDPR in order to process your message.
d) Google Maps
This website uses the Google Maps API. By using Google Maps, certain data on how you use this website (including without limitation your IP address) can be sent to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in the USA and be stored there.
Google might transfer such data to a third-party if this is a legal requirement or if such third-party acts as a data processing commissioner on behalf of Google. However, your IP address will never be connected to any other Google data. We still need to point out that, technically, it is possible for Google to identify individual users based on the data received.
Google Maps is intended as a service for you so you can see where exactly we are located and if needed plan your route accordingly. Using Google Maps is based on your consent in accordance with article 6 paragraph 1 sentence 1 f of the GDPR. When asking for consent, we use the Joomla plugin provided by J and Beyond Verein zur Förderung freier Content Management Systeme e.V., at the following address: Brüsseler Ring 67, c/o Robert Deutz Business Solution, 52074 Aachen, Germany.
10. Analysing and tracking tools
We use the following analysing and tracking tools on our website. Their purpose is to ensure continuous optimisation of our website and to adapt it to specific needs.
We use these tools based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR. You can revoke your consent at any time by changing the cookie settings. Until such revocation, processing remains legal.
The purposes of data collection and the data categories are each stated in the respective tools. Please note, that we have no influence on how and to what extent the service providers will further process your data.
a) Matomo (formerly “Piwik”)
The cookies contain usage data and are used to transfer those to our server, where we store them for further usage analysis and for optimisation of our website. The usage data also contains your IP address, however it is shortened and anonymised to protect your privacy as a user.
The data generated by the cookie will never be passed on to any third-party.
b) Facebook Conversion Pixel
We use the “Conversion Pixel” or user action pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). By accessing this pixel from your browser, Meta Platforms can subsequently recognise whether a Facebook advertisement was successful, for example if it resulted in an online purchase.
Meta might potentially transfer the data to other countries as well, to so-called insecure third countries (like the US for instance).
We only receive statistical data that don't relate to a specific person from Meta Platforms. This way, we can determine how effective Facebook advertisements were for statistical and marketing purposes. Please also note Facebook’s privacy information, especially if you have a Facebook account: https://www.facebook.com/about/privacy/.
11. Social Media
On our website, we use the following social media plugins to improve the popularity of our website. The legal basis for using the social media plugins is your consent in accordance with article 6 paragraph 1 sentence 1 a of the GDPR.
We aim to operate our website according to the data protection laws while still offering you the benefits of the social media services stated.
This is why we use Shariff. Shariff replaces the usual share buttons of social networks and protects your surfing behaviour from nosey glances. This is how we protect the privacy of our website’s visitors from unnecessary data transmission by and to social networks. Our users can still share pages with their friends with one click.
Responsibility for data protection compliant operation must be guaranteed by the respective suppliers.
On our website, we use the plugin of the Pinterest social network operated by Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland).
Once you activate this plugin, your browser will establish a direct connection to the Pinterest servers. The plugin usually transfers protocol data to the US Pinterest server. These protocol data may contain your IP address, the address of any websites visited that contain Pinterest functionalities, what kind of browser you use and what settings you chose, the date and time of request, how you use Pinterest and any cookies.
12. Rights of the data subject
You are entitled to the following:
a) Right of access
According to article 15 of the GDPR, you are entitled to obtain information on your personal data processed by us. This includes without limitation information on
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request rectification or deletion of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, and if possible meaningful information about the logic involved
b) Right to rectification
According to article 16 of the GDPR, you have a right to rectification of inaccurate or incomplete personal data that are stored with us without undue delay.
c) Right to deletion
According to article 17 of the GDPR, you have a right to deletion of your personal data stored with us without undue delay unless further processing is necessary due to one of the following reasons:
- The personal data are still necessary for the purpose, for which they were collected or otherwise processed
- For exercising the right of freedom of expression and information
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health in accordance with article 9 paragraph 2 h and i and article 9 paragraph 3 of the GDPR
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 paragraph 1 of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- For the establishment, exercise or defence of legal claims
d) Right to restriction of processing
According to article 18 of the GDPR, you are entitled to demand restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of your personal data
- The processing is unlawful and you oppose the deletion of the personal data
- We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims
- You have objected to processing pursuant to article 21 paragraph 1 of the GDPR
e) Right of notification
We will communicate any rectification or deletion of personal data or restriction of processing carried out in accordance with article 16, article 17 paragraph 1 and article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You are entitled to know who those recipients are.
f) Right to data portability
You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to have the personal data transmitted directly to a third party if the processing was carried out automatically and is based on consent according to article 6 paragraph 1 sentence 1 a or article 9 paragraph 2 a or a contract according to article 6 paragraph 1 sentence 1 b of the GDPR.
g) Right to withdraw your consent
According to article 7 paragraph 3 of the GDPR, you have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation. From the time of withdrawal, we will no longer be entitled to continue processing your data based on the consent revoked.
h) Right to lodge a complaint
According to article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that processing your personal data infringes the GDPR.
i) Right to object
If your personal data are processed based on legitimate interest which is based on article 6 paragraph 1 sentence 1 f of the GDPR, you have the right to object, on grounds relating to your particular situation, or if you want to object to direct marketing, at any time to processing of your personal data. If you want to object to direct marketing, you have a general right to object which we will implement without any information on your particular situation. In order to exercise your right to withdraw or to object, please send us an e-mail to: firstname.lastname@example.org .
j) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly affects you significantly. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and us
- is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
- is based on your explicit consent
However, such decisions must not be based on special categories of personal data referred to in article 9 paragraph 1 of the GDPR unless article 9 paragraph 2 a or g of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
We will implement suitable measures regarding the cases stated in point i) and iii) to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Last updated on July 26, 2022