These are the guidelines that we use for our websites:
We undertake to comply with the legal privacy provisions and strive to adhere to the principles of data reduction and data economy.
1. Name and address of the controller and data protection commissioner
The controller in the terms of the General Data Protection Regulation and other national data protection acts of the member states of the European Union and any other data protection provisions is:
Dr. Klaus Karg KG
Represented by Dr. Klaus Karg
Alte Rother Str. 10
Phone: 09122 6311- 0
Fax: 09122 6311 - 63
The data protection commissioner of the controller is:
Eschenbacher IT-Consulting & Service
3. Lawfulness of processing personal data
We will only process your personal data, such as your first name and surname, your e-mail address, your IP address etc., if there is a corresponding legal basis for it. This includes without limitation the following three provisions of the General Data Protection Regulation:
- You granted us permission to process your personal data for one or more purposes, article 6 paragraph 1 sentence 1 a of the GDPR. In this case we will inform you in detail on the purpose(s) of processing and your express consent will be documented in our files.
- Processing your personal data is necessary for the performance of a contract or in order to take steps with you prior to entering into a contract, article 6 paragraph 1 sentence 1 b of the GDPR.
- Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, article 6 paragraph 1 sentence 1 f of the GDPR.
We will always point out the legal basis of processing your personal data at the appropriate times.
4. Disclosure of personal data
We will not disclose your personal data to any third parties for any other than the purposes stated below. We will only disclose your personal data to any third parties if:
- You granted express permission in accordance with article 6 paragraph 1 sentence 1 a of the GDPR,
- Disclosure according to article 6 paragraph 1 sentence 1 f of the GDPR is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have compelling legitimate interest in non-disclosure of your data,
- If there is a legal obligation to disclose data according to article 6 paragraph 1 sentence 1 f of the GDPR,
- If it is legally permissible and necessary for the execution of any contractual relationships with you according to article 6 paragraph 1 sentence 1 f of the GDPR.
5. Duration of storage and deletion
We will only store the personal data you submit for as long as they are needed to fulfil the purposes for which they were submitted or for as long as prescribed by law. When the purpose has been fulfilled and/or the legal storage period has expired, we will delete or block the data.
6. SSL encryption
For security reasons and in order to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator, we use SSL encryption. You can detect encrypted connections because the address bar of the browser changes from “http://” to “https://” and there is a lock symbol before the URL. With an activated SSL encryption, no third party can read any data that you transfer to us.
7. Collection and storage of personal data and how and to what purpose we will use it
a) When you visit the website
When you access our website, the browser used on your device will automatically send certain information to our website server. This information will be temporarily stored in a so-called log file. The information that will be automatically collected and stored until the automatic deletion will be the following:
- IP address of the computer sending the request
- date and time of access
- name and URL of the requested file
- browser used and in some cases the operating system your computer uses and the name of your access provider
We will process these data for the following purposes:
- evaluation of the security and stability of our system
Any data that can be tracked back to you, such as the IP address, will be deleted after 7 days or earlier. If we store the data longer, then we will allocate pseudonyms so that tracking them to you is no longer possible.
Legally, the data processing is based on article 6 paragraph 1 sentence 1 f of the GDPR. Our legitimate interest stems from the above purposes for the collection of data. We will never use any data collected to try and track you as a person.
b) Member area / login
It is possible to create a download account. For this, your personal data, any other data you provided to us voluntarily and data on any downloads you used in the past will be stored and processed. You can always access this data to see your previous downloads. With your data you can simply log in for your next download using your login data. It is also meant to help you manage your download activities.
Legally, this data processing is based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR.
You can change or delete your data in the download account at any time and you also have the option of deleting your account as a whole. The deletion will then take effect immediately and include all data stored in your account.
c) Contact e-mail
You can send us an e-mail using the e-mail address stated on our website. In this case we will store and process your e-mail address and the data you provide in your e-mail according to article 6 paragraph 1 sentence 1 b and f of the GDPR in order to process your message.
d) Google Maps
This website uses the Google Maps API. By using Google Maps, certain data on how you use this website (including without limitation your IP address) can be sent to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) in the USA and be stored there.
Google might transfer such data to a third party if this is a legal requirement or if such third party acts as a data processing commissioner on behalf of Google. However, your IP address will never be connected to any other Google data. We still need to point out that, technically, it is possible for Google to identify individual users based on the data received.
Google Maps is intended as a service for you so you can see where exactly we are located and if needed plan your route accordingly. Using Google Maps is therefore based on our legitimate interest according to article 6 paragraph 1 sentence 1 f of the GDPR.
The data processed by the cookies are necessary for the purposes stated in order to protect our and third parties’ legitimate interest according to article 6 paragraph 1 sentence 1 f of the GDPR.
Most browsers are set in a way that makes them accept cookies automatically. You can change the settings so that either no cookies will be stored on your device or you will be notified before any new cookies are stored. If you deactivate cookies completely, you might experience some difficulties if you want to use all the functions presented on our website.
Below we give you more details on the different kinds of cookies we use.
- Session cookies
To improve the user experience of our offers, we use so-called session cookies that detect whether you have visited any individual pages of our website before.
These session cookies will be deleted automatically once you leave our website.
b. Temporary cookies
Such temporary cookies will be stored on your device for a fixed period.
c. Optimization cookies
They will be deleted after a certain fixed period.
9. Analysing and tracking tools
We use the following analysing and tracking tools on our website. Their purpose is to ensure continuous optimisation of our website and to adapt it to specific needs.
We use these tools based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR. You can revoke your consent at any time by changing the cookie settings. Until such revocation, processing remains legal.
The purposes of data collection and the data categories are each stated in the respective tools.
a) Google Analytics
On our website, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/en/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; hereinafter referred to as “Google”).
- the name and version of browser used
- the operating system of your computer
- the website from which you access our website (referrer URL)
- the IP address of the computer sending the request
- the time of server inquiry
will usually be transferred to a Google server in the USA and be stored there.
We activated IP anonymization on our website, so your IP will be shortened beforehand by Google within the member states of the European Union or any other member states of the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and be shortened there.
Google will use these data on our behalf to analyse how you use this website, to create reports on the activity on the website and to render other services to us relating to how the website and the internet is used. Google will not collate the IP address transmitted by your browser in the scope of Google Analytics with other data from Google.
You can prevent cookies from being stored by adjusting the preferences of your browser software. However, we would like to point out that if you do so, you may not be able to use some of the functionalities of our website fully.
In addition, you can also prevent that any data created by cookies and relating to how you use this website (including without limitation your IP address) be collected and processed by Google by downloading and installing the browser plugin from the following link https://tools.google.com/dlpage/gaoptout?hl=en.
You can prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie preventing any collection of your data when you visit our website in the future:
Deactivate Google Analytics
b) Google Remarketing
We use the Remarketing function from Google Analytics in order to provide marketing campaigns, including without limitation Google AdWords campaigns, to the visitors of our website.
This means that you will see relevant ads based on your previous visits to our website when you visit other websites in the Google Display Network.
With the DoubleClick cookie, Google can show us and other third-party vendors targeted ads corresponding to the interests determined from your previous visits to our website and/or other websites. These ads can be displayed on Google websites and/or the websites of other operators of the Google ad network. We also use the Google Analytics ad feature to analyse the effectiveness of our own ad campaigns.
You can adjust the Google ad settings to your own preferences and opt out of Google ads that are based on your interests. In this case, the cookie ID (set individually for each cookie) of the DoubleClick cookie will be overwritten and it will no longer be possible to allocate it to a certain browser.
If you delete all cookies from your device, a new DoubleClick cookie might be set. This means you might have to renew your opt-out settings. You can permanently deactivate the DoubleClick cookie by downloading and installing the respective browser plugin from here: http://www.google.com/settings/ads/plugin. You can deactivate third-party cookies for the purpose of online ads on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
If you agreed in your Google account that your Google web and app browser history can be linked to your Google account and that information from your Google account may be used to personalize ads, Google will use your data in combination with Google Analytics data for the creation of target group lists for Remarketing over several devices. To this end, Google Analytics collects IDs connected to your Google account, authenticated by Google for you as a user of our website. Google Analytics then temporarily links these IDs to Google Analytics data to optimize our target groups.
Click here to see an overview of Google’s privacy settings.
c) Facebook Conversion Pixel
We use the “Conversion Pixel” or user action pixel of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. By accessing this pixel from your browser, Facebook can subsequently recognise whether a Facebook advertisement was successful, for example if it resulted in an online purchase.
We only receive statistical data that don't relate to a specific person from Facebook. This way, we can determine how effective Facebook advertisements were for statistical and marketing purposes. Please also note Facebook’s privacy information, especially if you have a Facebook account: https://www.facebook.com/about/privacy/.
You can change your settings on Facebook under https://www.facebook.com/settings?tab=ads or click here if you want to revoke your Conversion Pixel consent: Disable Facebook-Pixel
10. Social Media
On our website, we use the following social media plugins to improve the popularity of our website. This is deemed a legitimate interest; therefore the legal basis for using social media plugins is article 6 paragraph 1 sentence 1 letter f of the GDPR.
We aim to operate our website according to the data protection laws while still offering you the benefits of the social media services stated.
This is why we use Shariff. Shariff replaces the usual share buttons of social networks and protects your surfing behaviour from nosey glances. This is how we protect the privacy of our website’s visitors from unnecessary data transmission by and to social networks. Our users can still share pages with their friends with one click.
Responsibility for data protection compliant operation must be guaranteed by the respective suppliers.
According to the Facebook data privacy regulations, Facebook may process the data collected in third states.
You can find frequently asked questions on data privacy answered in everyday language under http://www.facebook.com/help.php?page=1068.
On our website, we use the plugin of the Pinterest social network operated by Pinterest Inc. (808 Brannan Street San Francisco, CA 94103-490, USA).
Once you activate this plugin, your browser will establish a direct connection to the Pinterest servers. The plugin usually transfers protocol data to the US Pinterest server. These protocol data may contain your IP address, the address of any websites visited that contain Pinterest functionalities, what kind of browser you use and what settings you chose, the date and time of request, how you use Pinterest and any cookies.
The Shariff button, however, will only establish a direct connection between Pinterest and you once you have actively clicked on the share button.
11. Rights of the data subject
You are entitled to the following:
a) Right of access
According to article 15 of the GDPR, you are entitled to obtain information on your personal data processed by us. This includes without limitation information on
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request rectification or deletion of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, and if possible meaningful information about the logic involved
b) Right to rectification
According to article 16 of the GDPR, you have a right to rectification of inaccurate or incomplete personal data that are stored with us without undue delay.
c) Right to deletion
According to article 17 of the GDPR, you have a right to deletion of your personal data stored with us without undue delay unless further processing is necessary due to one of the following reasons:
- For exercising the right of freedom of expression and information
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health in accordance with article 9 paragraph 2 h and i and article 9 paragraph 3 of the GDPR
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 paragraph 1 of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- For the establishment, exercise or defence of legal claims
d) Right to restriction of processing
According to article 18 of the GDPR, you are entitled to demand restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of your personal data.
- The processing is unlawful and you oppose the deletion of the personal data.
- We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
- You have objected to processing pursuant to article 21 paragraph 1 of the GDPR.
e) Right of notification
We will communicate any rectification or deletion of personal data or restriction of processing carried out in accordance with article 16, article 17 paragraph 1 and article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You are entitled to know who those recipients are.
f) Right to data portability
You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to have the personal data transmitted directly to a third party if the processing was carried out automatically and is based on consent according to article 6 paragraph 1 sentence 1 a or article 9 paragraph 2 a or a contract according to article 6 paragraph 1 sentence 1 b of the GDPR.
g) Right to withdraw your consent
According to article 7 paragraph 3 of the GDPR, you have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation. From the time of withdrawal we will no longer be entitled to continue processing your data based on the consent revoked.
h) Right to lodge a complaint
According to article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that processing your personal data infringes the GDPR.
i) Right to object
If your personal data are processed based on legitimate interest which is based on article 6 paragraph 1 sentence 1 f of the GDPR, you have the right to object, on grounds relating to your particular situation, or if you want to object to direct marketing, at any time to processing of your personal data. If you want to object to direct marketing, you have a general right to object which we will implement without any information on your particular situation. In order to exercise your right to withdraw or to object, please send us an e-mail to firstname.lastname@example.org.
j) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly affects you significantly. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and us
- is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
- is based on your explicit consent
However, such decisions must not be based on special categories of personal data referred to in article 9 paragraph 1 of the GDPR unless article 9 paragraph 2 a or g of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
We will implement suitable measures regarding the cases stated in point i) and iii) to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Last updated on July 2, 2020