Data Privacy

These are the guidelines that we use for our websites:

We undertake to comply with the legal privacy provisions and strive to adhere to the principles of data reduction and data economy.

1. Name and address of the controller and data protection commissioner

a) Controller

The controller in the terms of the General Data Protection Regulation and other national data protection acts of the member states of the European Union and any other data protection provisions is:

Dr. Klaus Karg KG
Represented by Dr. Klaus Karg
Alte Rother Str. 10
91126 Schwabach
Germany

Phone: +49 9122 63110
Fax: +49 9122 631163

E-mail: info@dr-karg.de

Website: www.dr-karg.de

b) Data Protection Commissioner

The data protection commissioner of the controller is:

Eschenbacher IT-Consulting & Service
Stephan Eschenbacher
Eckenstr. 50
90480 Nürnberg
Germany

Phone: +49 911 401823

E-mail: datenschutz@dr-karg.de

2. Definitions

We aimed for our privacy policy to be clear and transparent. Should there still be any doubts about how certain terms are used, please refer to the definitions used here.

3. Lawfulness of processing personal data

a) Processing of personal data in accordance with GDPR

We will only process your personal data, such as your first name and surname, your e-mail address, your IP address etc., if there is a corresponding legal basis for it.  This includes especially the following provisions of the General Data Protection Regulation:

  • Article 6 paragraph 1 sentence 1 a of the GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • Article 6 paragraph 1 sentence 1 b of the GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Article 6 paragraph 1 sentence 1 c of the GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
  • Article 6 paragraph 1 sentence 1 d of the GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • Article 6 paragraph 1 sentence 1 e of the GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Article 6 paragraph 1 sentence 1 f of the GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

We will always point out the legal basis of processing your personal data at the appropriate times in this privacy policy.

b) Consent by the holder of parental responsibility in accordance with article 8, paragraph 1, sentence 2, alternative 2 of the GDPR

If any data processing in connection with this website would require consent of a minor that has not yet completed their 16th year of age, then a holder of parental responsibility has to consent instead.  

The privacy policy holds more information about the different data processing operations, their purpose and the affected data categories, for which consent of the data subject are required.

You can revoke your consent at any time by sending an according notice of revocation in writing towards the provided contact data of the controller. Until such revocation, processing remains legal.

c) Processing of information in accordance with § 25, paragraph 1 of the TDDDG

We also process information according to § 25, paragraph 1, of the TDDDG, when we store new data or access existing data on your terminal equipment. These can be both personal or non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses or IMEI numbers. Terminal equipment stands for any setup linked directly or indirectly to the interface of a public telecommunications network, and is meant to send, process or receive data (see § 2, paragraph 2, number 6 of the TDDDG).

This data is normally only processed based on your consent (see § 25, paragraph 1 of the TDDDG).

In some cases, § 25, paragraph 2, numbers 1 and 2 of the TDDDG provide an exception, wherefore we do not require your consent. One such exception occurs, when we access or store information solely to send a message over a public telecommunications network, or when this is absolutely necessary to provide you with a digital service that you specifically requested. You can revoke your consent at any time.

Please be advised, that revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation.

4. Disclosure of personal data

The disclosure of personal data is a processing operation as described in the previous clause 3. We still wanted to inform you separately about the disclosure of data to third parties. The protection of your personal data is very important to us. That’s why we are especially careful when considering whether we should disclose your data to any third parties.

Such a disclosure to third parties can therefore only occur, when there is a legal basis for processing. For example, we will pass on personal data to individuals or companies that work for us as processors according to article 28 of the GDPR. Such a processor is anyone that we have instructed to process personal data, especially if there is a relationship of instruction and control.

As prescribed by the GDPR, we will always enter into a contract with each such processor, that requires them to adhere to data privacy regulations and to comprehensively protect your data.

5. Duration of storage and deletion

We will delete your personal data in the following cases: if they are no longer necessary for the purpose, for which they were collected or otherwise processed; if processing isn’t required for exercising the right of freedom of expression and information; if processing isn’t necessary to comply with a legal obligation; if processing isn’t in the public interest; or if processing isn’t required to enforce, exercise, or defend any legal claims.

6. SSL/TLS encryption

For security reasons and in order to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator, we use SSL/TLS encryption. You can detect encrypted connections because the address bar of the browser changes from “http://” to “https://” and there is a lock symbol before the URL.

7. Cookies

We use cookies on our websites. Cookies are data packages that your browser creates automatically and that will be stored when you visit our website. These cookies have the purpose of storing information connected to the device used. It is not possible to identify you personally with cookies.

The use of cookies refers to both technically necessary and “other” cookies. Technically necessary cookies are absolutely required, so the information company can provide you with a service that you specifically requested.

a) Technically necessary cookies

We use technically necessary cookies to make the use of our offering more convenient for you. Among others these can be so-called session cookies (for settings of language and font, shopping basket etc.), consent cookies, or cookies for server stability and security. Legally these cookies are based on our legitimate interest to operate our website without problems and to provide you with optimised services (in accordance with article 6, paragraph 1, sentence 1 f of the GDPR).

b) Other cookies

Other cookies are used for the purposes of statistics, analysis, marketing and retargeting.

We use these cookies based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR.

You can revoke your consent to the use of cookies at any time.

Please be advised, that revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation.

To do so, please either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (this may limit the functionality of our online offerings), or opt out of individual services.

We will separately point out the legal basis of processing your personal data for each service in this privacy policy.

Changing cookie settings

8. Cookie banner

To ask you to consent to our used cookies, we rely on the cookie banner offered by the service provider CCM19 (Cookie Consent Management Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn - Germany).

It will place a so-called consent cookie, to prompt and process the state of consent. This consent cookie is technically necessary, and is therefore used based on our legitimate interest (in accordance with article 6, paragraph 1, sentence 1 f of the GDPR, and § 25, paragraph 1 of the TDDDG).

9. Collection and storage of personal data and how and to what purpose we will use it

a) External hosting

Our website is hosted by Hetzner Online GmbH at the following address: Industriestraße 25, 91710 Gunzenhausen, Germany. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless a third-party service participates in the process. This can encompass your IP address (anonymizied data saving), e-mail address, communications data or similar. Below we will explain what concrete personal data is being processed for each of the functions and services here presented. If we rely on the external services of a third-party, we will explicitly state this in the description of the service or tool in question.

The hoster will process your data only as instructed by us, and only as far as this is necessary to make the offerings of our website available to you. The hoster will not process your data for their own purposes. We have entered into a contract with the hoster, instructing them on how to process your data.

b) When you visit the website 

When you access our website, the browser used on your device will automatically send certain information to our website server. This information will be temporarily stored in a so-called log file. The information that will be automatically collected and stored until the automatic deletion will be the following:

  • IP address of the computer sending the request (anonymizied)
  • date and time of access
  • name and URL of the requested file
  • browser used and in some cases the operating system your computer uses and the name of your access provider

We will process these data for the following purposes:

  • evaluation of the security and stability of our system

Any data that can be tracked back to you, such as the IP address, will be deleted after 7 days or earlier. If we store the data longer, then we will allocate pseudonyms so that tracking them to you is no longer possible.

Legally, the data processing is based on article 6 paragraph 1 sentence 1 f of the GDPR. Our legitimate interest stems from the above purposes for the collection of data. We will never use any data collected to try and track you as a person.

c) Contact e-mail

You can send us an e-mail using the e-mail address stated on our website. In this case we will store and process your e-mail address and the data you provide in your e-mail according to article 6 paragraph 1 sentence 1 b and f of the GDPR in order to process your message.

d) Contact

Personal data is collected when you contact us (e.g. via a job application form or email). The respective contact form (see Application form for job advertisements) states which data is collected in the case of a contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for establishing contact and for the related technical processing of the enquiry. The legal basis for the processing of this data is our legitimate interest in responding to your enquiry pursuant to Article 6, Paragraph 1(f) of the GDPR. Your data will be deleted once your enquiry has been processed. This is deemed the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no other statutory obligations to retain the data.

10. Analysing and tracking tools

We use the following analysing and tracking tools on our website. Their purpose is to ensure continuous optimisation of our website and to adapt it to specific needs.

We use these tools based on your consent according to article 6 paragraph 1 sentence 1 a of the GDPR. You can revoke your consent at any time by changing the cookie settings. Until such revocation, processing remains legal.

The purposes of data collection and the data categories are each stated in the respective tools.  Please note, that we have no influence on how and to what extent the service providers will further process your data.

a) Matomo (formerly “Piwik”)

We rely on the analysis service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand), that uses cookies. These are stored on your computer and allow us to analyse the usage of our site.

The cookies contain usage data and are used to transfer those to our server, where we store them for further usage analysis and for optimisation of our website. The usage data also contains your IP address, however it is shortened and anonymised to protect your privacy as a user.

The data generated by the cookie will never be passed on to any third-party.

b) Facebook Conversion Pixel

We use the “Conversion Pixel” or user action pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). By accessing this pixel from your browser, Meta Platforms can subsequently recognise whether a Facebook advertisement was successful, for example if it resulted in an online purchase.

Meta might potentially transfer the data to other countries as well, to so-called insecure third countries (like the US for instance).

We only receive statistical data that don't relate to a specific person from Meta Platforms. This way, we can determine how effective Facebook advertisements were for statistical and marketing purposes. Please also note Facebook’s privacy information, especially if you have a Facebook account: https://www.facebook.com/about/privacy/.

11. Social Media

On our website, we use the following social media plugins to improve the popularity of our website. The legal basis for using the social media plugins is your consent in accordance with article 6 paragraph 1 sentence 1 a of the GDPR.

a) Pinterest

On our website, we use the plugin of the Pinterest social network operated by Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland).

Once you activate this plugin, your browser will establish a direct connection to the Pinterest servers. The plugin usually transfers protocol data to the US Pinterest server. These protocol data may contain your IP address, the address of any websites visited that contain Pinterest functionalities, what kind of browser you use and what settings you chose, the date and time of request, how you use Pinterest and any cookies.

You can find further information on the purpose, extent and further processing and using of your data by Pinterest, your respective rights and how you can protect your privacy in the Pinterest privacy policy:

https://policy.pinterest.com/de/privacy-policy.

12. Rights of the data subject

You are entitled to the following:

a) Right of access

According to article 15 of the GDPR, you are entitled to obtain information on your personal data processed by us. This includes without limitation information on

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request rectification or deletion of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, and if possible meaningful information about the logic involved

b) Right to rectification

According to article 16 of the GDPR, you have a right to rectification of inaccurate or incomplete personal data that are stored with us without undue delay.

c) Right to deletion

According to article 17 of the GDPR, you have a right to deletion of your personal data stored with us without undue delay unless further processing is necessary due to one of the following reasons:

  • The personal data are still necessary for the purpose, for which they were collected or otherwise processed
  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • For reasons of public interest in the area of public health in accordance with article 9 paragraph 2 h and i and article 9 paragraph 3 of the GDPR
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 paragraph 1 of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • For the establishment, exercise or defence of legal claims

d) Right to restriction of processing

According to article 18 of the GDPR, you are entitled to demand restriction of processing of your personal data where one of the following applies:

  • You contest the accuracy of your personal data
  • The processing is unlawful and you oppose the deletion of the personal data
  • We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims
  • You have objected to processing pursuant to article 21 paragraph 1 of the GDPR

e) Right of notification

We will communicate any rectification or deletion of personal data or restriction of processing carried out in accordance with article 16, article 17 paragraph 1 and article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You are entitled to know who those recipients are.

f) Right to data portability

You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to have the personal data transmitted directly to a third party if the processing was carried out automatically and is based on consent according to article 6 paragraph 1 sentence 1 a or article 9 paragraph 2 a or a contract according to article 6 paragraph 1 sentence 1 b of the GDPR.

g) Right to withdraw your consent

According to article 7 paragraph 3 of the GDPR, you have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation. From the time of withdrawal, we will no longer be entitled to continue processing your data based on the consent revoked.

h) Right to lodge a complaint

According to article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that processing your personal data infringes the GDPR.

i) Right to object

If your personal data are processed based on legitimate interest which is based on article 6 paragraph 1 sentence 1 f of the GDPR, you have the right to object, on grounds relating to your particular situation, or if you want to object to direct marketing, at any time to processing of your personal data. If you want to object to direct marketing, you have a general right to object which we will implement without any information on your particular situation. In order to exercise your right to withdraw or to object, please send us an e-mail to: info@dr-karg.de.

j) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly affects you significantly. This does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and us
  2. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
  3. is based on your explicit consent

However, such decisions must not be based on special categories of personal data referred to in article 9 paragraph 1 of the GDPR unless article 9 paragraph 2 a or g of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

We will implement suitable measures regarding the cases stated in point i) and iii) to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

Last updated on January 24, 2024