Data privacy policy

We are delighted that you are interested in our company. The GOLDSTEIG Käsereien Bayerwald GmbH management board places great importance on data privacy. It is basically always possible to use the GOLDSTEIG Käsereien Bayerwald GmbH websites without providing any personal data. If a data subject wants to make use of our company’s services via our website though, the processing of personal data might be required. If the processing of personal data is required and there is not a legal basis for this kind of processing, we generally obtain the data subject’s consent.

The personal data, for example the data subject’s name, address, email address or phone number, is always processed in compliance with the General Data Protection Regulation and in accordance with the applicable national data protection regulations for GOLDSTEIG Käsereien Bayerwald GmbH. With this data privacy policy our company wants to inform the general public about the nature, scope and purpose of the personal data collected, used and processed by us. This data privacy policy also informs data subjects about the rights they are entitled to.

As the entity responsible for processing data, GOLDSTEIG Käsereien Bayerwald GmbH has taken a number of technical and organisational measures to guarantee as comprehensive a protection as possible for personal data processed through this website. Nevertheless, web-based data transfers may always have security loopholes that make it impossible to guarantee complete protection. For this reason, every data subject is entitled to send us their personal data using alternative channels, for example by phone.

 

1. Definitions

The GOLDSTEIG Käsereien Bayerwald GmbH data privacy policy is based on the terms that are used by European regulators for the adoption of the General Data Protection Regulation (GDPR). Our data privacy policy should be easy to read and understand for both the general public and our customers and business partners. To guarantee this we want to explain the terms used beforehand.

We use the following terms in this data privacy policy, among others:

 

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (subsequently “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

b) Data subject

The data subject is any identified or identifiable natural person whose personal data is being processed by the processor.

 

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

 

s) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

g) Controller

The controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

 

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

2. The controller’s name and address

The controller in terms of the General Data Protection Regulation, other data protection laws in European Union Member States and other provisions of a data protection nature is:

GOLDSTEIG Käsereien
Bayerwald GmbH
Siechen 11
93413 Cham
Germany

Tel.: +49 (0)9971/844-0
Email: info@goldsteig.de
Website: www.goldsteig.de

 

3. The data protection officer’s name and address

The controller’s data protection officer is:

Alexander Bugl
Bugl & Kollegen GmbH
Eifelstrasse 55
93057 Regensburg
Germany
Tel.: +49 (0)941/63049789
Email: ab@buglkollegen.de
Website: www.buglkollegen.com 

Every data subject can directly contact our data protection officer at any time if they have any questions or suggestions regarding data protection.

 

4. Cookies

The GOLDSTEIG Käsereien Bayerwald GmbH websites use cookies. Cookies are text files that are placed and stored on a computer system by the Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is the cookie’s unambiguous identifier. It consists of a string through which websites and servers can be assigned to the specific Internet browser where the cookie was saved. This allows for the data subject’s visited websites and servers and individual browsers to be differentiated from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified by the unambiguous cookie ID.

By using cookies, GOLDSTEIG Käsereien Bayerwald GmbH can provide users of this website with more user friendly services that would not be possible without using cookies.

Information and offers on our website can be improved for the user’s benefit using a cookie. As already mentioned, cookies allow us to recognise users to our website again. The purpose of this recognition is to make it easier for users to use our website. For example, a user on a website that uses cookies does not have to enter their login details again every time they visit the website because this is done by the cookie stored by the website and on the user’s computer system. Another example is a shopping basket cookie in an online shop. The online shop remembers the articles a customer placed in the virtual shopping basket by using a cookie.

The data subject can prevent our website from placing cookies at any time by changing the settings in their Internet browser, thus permanently rejecting the placing of cookies. Placed cookies can also be deleted at any time through the Internet browser or using other software programmes. This is possible in all standard Internet browsers. If the data subject deactivates the placing of cookies in the used Internet browser, it is possible that not all our website functions will be available in certain circumstances.

 

5. Recording general data and information

The GOLDSTEIG Käsereien Bayerwald GmbH website records a range of general data and information every time the website is accessed by the data subject or an automated system. This general data and information is stored in the server log files. The (1) used browser types and versions, (2) operating system used by the accessing system, (3) website from which the accessing system reaches our website (referrer), (4) sub-websites that are controlled by an accessing system on our website, (5) the date and time the website is accessed, (6) an Internet Protocol address (IP address), (7) the Internet service provider for the accessing system and (8) any other similar data and information that serve to avert risks in the event of attacks on our information technology systems may be recorded.

GOLDSTEIG Käsereien Bayerwald GmbH does not draw any conclusions about the data subject when using this general data and information. This information is in fact required to (1) correctly deliver our website’s content, (2) to optimise our website content and advertising for this, (3) to guarantee that our information technology systems and website technology permanently work properly and (4) to provide the prosecution authorities with the necessary information for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore statistically and further analysed by GOLDSTEIG Käsereien Bayerwald GmbH with the goal of increasing data protection and data security within our company to ultimately guarantee the best level of protection for the personal data we process. The server log files’ anonymous data are saved separately from any personal data provided by a data subject.

 

6. Registering on our website

The data subject has the option of registering on the controller’s website by providing personal data. Which personal data are transferred to the controller in the process is shown on the input screen used for registration. The personal data entered by the data subject are only collected and stored by the controller for internal use and for their own purposes. The controller can arrange for the personal data to be disclosed to one or more order processors, for example a parcel service provider, who also only uses the personal data for internal use, which is assigned to the controller.

By registering on the controller’s website, the data subject’s IP address issued by the Internet Service Provider (ISP), the date and time of registration are also stored. This data is stored given the fact that this is the only way that the misuse of our services can be prevented and this data allows for any offences committed to be investigated, if necessary. Insofar, the storage of this data is necessary to safeguard the controller. This data is not disclosed to third parties on principle, unless there is a legal obligation to disclose it or disclosing it serves criminal prosecution.

The data subject’s registration by voluntarily providing personal data is used by the controller to offer the data subject content and services that can only be offered to registered users as a result of their nature. Registered users have the option of changing the personal data provided during registration or having it completely deleted from the controller’s database at any time.

The controller shall provide the data subject with information about which personal data are stored on the data subject at any time on request. In addition, the controller shall correct or delete any personal data at the data subject’s request or indication as long as this does not contradict any legal obligations to retain records. A data protection officer named in this data privacy policy and all the controller’s staff are available for the data subject to contact in this context.

 

7. Subscribing to our newsletter

Users are given the opportunity to subscribe to our company’s newsletter on the GOLDSTEIG Käsereien Bayerwald GmbH website. Which personal data are transferred to the controller when ordering the newsletter is shown on the input screen used for this.

GOLDSTEIG Käsereien Bayerwald GmbH informs its customers and business partners about the company’s offers at regular intervals using a newsletter. Our company’s newsletter can basically only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registered for the newsletter to be sent. A confirmation email is sent to the email address entered for the first time by the data subject for the newsletter subscription for legal reasons as part of the double opt-in process. This confirmation email is used to check whether the email address owner has authorised receipt of the newsletter as the data subject.

When registering for the newsletter we also save the data subject’s IP address issued by the Internet Service Provider (ISP) at the time of registration, the computer system used and the date and time of registration. It is necessary to collect this data to be able to track any (possible) misuse of the data subject’s email address at a later time and is therefore used to legally safeguard the controller.

The personal data collected as part of registering for the newsletter are only used to send our newsletter. Furthermore, newsletters subscribers might receive information by email if this is required to operate the newsletter service or registration regarding this, as might be required in the case in the event of changes to the newsletter service or technical conditions. The personal data collected as part of the newsletter service are not disclosed to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The data subject can withdraw their consent to the personal data they provided us with to send the newsletter being stored at any time. There is a link in every newsletter to withdraw consent. There is also the option of cancelling the subscription to the newsletter on the controller’s website or informing the controller in another way.

 

8. Newsletter tracking

The GOLDSTEIG Käsereien Bayerwald GmbH newsletters contain tracking pixels. A tracking pixel is a miniature graphics that is embedded in the kinds of emails that are sent in HTML format to enable the recording and analysis of a log file. A statistical analysis can therefore be carried out of the success or failure of online marketing campaigns. Using the embedded tracking pixels, GOLDSTEIG Käsereien Bayerwald GmbH can identify whether and when an email was opened by a data subject and which links in the email were opened by the data subject.

Any personal data collected using such tracking pixels contained in newsletters is stored and analysed by the controller to improve the newsletter delivery and adapt the content of future newsletters even better to the data subject’s interests. These personal data are not disclosed to third parties. Data subjects are entitled to withdraw the separate declaration of consent issued through the double opt-in process regarding this at any time. Once withdrawn, these personal data are deleted by the controller. GOLDSTEIG Käsereien Bayerwald GmbH automatically interprets the cancellation of the newsletter as withdrawal of consent.

 

9. Contact option through the website

As a result of statutory regulations, the GOLDSTEIG Käsereien Bayerwald GmbH website contains information that allows for fast electronic contact with our company and direct communication with us, which also includes a general address for electronic post (email address). If a data subject contacts the controller by email or using a contact form, the personal data provided by the data subject are automatically stored. These kind of personal data provided to the controller by a data subject on a voluntary basis are stored for the purposes of processing or contacting the data subject. These personal data are not disclosed to third parties.

 

10. Routinely deleting and blocking personal data

The controller only processes and stores the data subject’s personal data for the time required to achieve the purpose of storage or for the period stipulated by the European regulator or another legislator in laws or regulations that the controller is subject to.

Once the purpose of storage or a storage deadline stipulated by a European regulator or other responsible legislator expires, the personal data are routinely blocked or deleted in accordance with statutory regulations.

 

11. Rights of the data subject

a) Right to confirmation

Every data subject has the right issued by the European regulator to obtain confirmation from the controller as to whether or not personal data concerning them are being processed. If a data subject wants to make use of this right to confirmation, they can contact our data protection officer or another one of the controller’s employees at any time regarding this.

 

b) Right to information

Every data subject providing personal data for processing has the right issued by the European regulator to obtain information free of charge from the controller at any time regarding the personal data stored relating to the data subject and a copy of this information. Furthermore, the European regulator must provide the data subject with the following information:

The purposes of processing

The categories of personal data concerned

The recipients or categories of recipients the personal data have been or are being disclosed to, in particular recipients in third countries or international organisations
If possible, the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

The existence of the right to request rectification or erasure of personal data or restriction of processing concerning the data subject from the controller and to object to processing

The right to lodge a complaint with a supervisory authority
If the personal data are not collected from the data subject: Any available information as to their source

The existence of automated decision-making, including profiling, referred to in Article 22 Para. 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or international organisation. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wants to make use of this right to information, they can contact our data protection officer or another one of the controller’s employees at any time regarding this.

 

c) Right to rectification

Every data subject providing personal data for processing has the right issued by the European regulator to demand the rectification of any incorrect personal data concerning them without undue delay. Furthermore, the data subject has the right to demand to have incomplete personal data completed, including by means of providing a supplementary statement, taking the purposes of processing into account.

If a data subject wants to make use of this right to rectification, they can contact our data protection officer or another one of the controller’s employees at any time regarding this.

 

d) Right to erasure (right to be forgotten)

Every data subject providing personal data for processing has the right issued by the European regulator to demand the erasure of personal data concerning them without undue delay by the controller where one of the following grounds applies and as long as this is not required for processing:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent on which the processing is based according to point (a) of Article 6 Para. 1, or point (a) of Article 9 Para. 2 of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to processing pursuant to Article 21 Para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to processing pursuant to Article 21 Para. 2 of the GDPR.

The personal data have been unlawfully processed.

The personal data have to be erased for compliance with a legal obligation in Union or Member State law which the controller is subject to.

The personal data have been collected in relation to the offer of information society services referred to in Article 8 Para. 1 of the GDPR.

If one of the aforementioned grounds applies and a data subject wants to request the erasure of personal data stored at GOLDSTEIG Käsereien Bayerwald GmbH, they can contact our data protection officer or another one of the controller’s employees at any time regarding this. The GOLDSTEIG Käsereien Bayerwald GmbH data protection officer or another member of staff will arrange for the erasure request to be met without undue delay.

If GOLDSTEIG Käsereien Bayerwald GmbH has made the personal data public and our company is obliged pursuant to Section 17 Para. 1 of the GDPR to erase the personal data, Goldsteig Käsereien Bayerwald GmbH, taking account of the available technology and cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of those personal data, as long as they are not required for processing. The GOLDSTEIG Käsereien Bayerwald GmbH data protection officer or another member of staff will make the necessary individual arrangements on an individual basis.

 

d) Right to the restriction of processing

Every data subject providing personal data for processing has the right issued by the European regulator to demand the restriction of processing from the controller where one of the following grounds applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

The data subject has objected to processing pursuant to Article 21 Para. 1 of the GDPR pending verification whether the controller’s legitimate grounds override those of the data subject.

Where one of the aforementioned grounds applies and a data subject wants to request the restricting of personal data stored at GOLDSTEIG Käsereien Bayerwald GmbH, they can contact our data protection officer or another one of the controller’s employees at any time regarding this. The GOLDSTEIG Käsereien Bayerwald GmbH data protection officer or another member of staff will arrange for the processing to be restricted.

 

f) Right to data portability

Every data subject providing personal data for processing has the right issued by the European regulator to receive personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6 Para. 1 or point (a) of Article 9 Para. 2 of the GDPR or on a contract pursuant to point (b) of Article 6 Para. 1 of the GDPR and the processing is carried out by automated means, if the processing is not required to perform a task carried out in the public interest or in exercising the official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Article 20 Para. 1 of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and if this does not adversely affect the rights and freedoms of others.

The data subject can contact the data protection officer appointed by GOLDSTEIG Käsereien Bayerwald GmbH or any other member of staff to exercise their right to data portability.

 

g) Right to object

Every data subject providing personal data for processing has the right issued by the European regulator to object to the processing of personal data concerning them which is based on point (e) or (f) of Article 6 Para. 1 of the GDPR at any time, on grounds relating to their particular situation. This also applies to profiling based on those provisions.

In the event of objection, GOLDSTEIG Käsereien Bayerwald GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or to establish, exercise or defend legal claims.

Where GOLDSTEIG Käsereien Bayerwald GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object to the processing of personal data concerning them for such marketing at any time. This also applies to profiling to the extent that it is related to such direct marketing. Where the data subject objects to GOLDSTEIG Käsereien Bayerwald GmbH regarding processing for direct marketing purposes, GOLDSTEIG Käsereien Bayerwald GmbH will no longer process the personal data for these purposes.

Where personal data are processed at GOLDSTEIG Käsereien Bayerwald GmbH for scientific or historical research purposes or statistical purposes pursuant to Article 89 Para. 1 of the GDPR, the data subject also has the right to object to the processing of personal data concerning them on grounds relating to their particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.

The data subject can contact the GOLDSTEIG Käsereien Bayerwald GmbH data officer or any other member of staff to exercise their right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

 

h) Automated individual decision-making, including profiling

Every data subject providing personal data has the right issued by the European regulator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly them, where the decision (1) is not necessary to enter into or perform a contract between the data subject and controller or (2) is authorised by Union or Member State law which the controller is subject to and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.

Where the decision (1) is required to enter into or perform a contract between the data subject and controller or (2) is based on the data subject’s express consent, GOLDSTEIG Käsereien Bayerwald GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject wants to exercise their rights with regard to automated decisions, they can contact our data protection officer or any of the controller’s other staff regarding this.

 

i)  Right to withdraw data protection consent

Every data subject providing personal data for processing has the right issued by the European regulator to withdraw their consent to the processing of personal data at any time.

If the data subject wants to exercise their right to withdraw consent, they can contact our data protection officer or any of the controller’s other staff regarding this.

 

    12. Data protection with applications and in the application process

    The controller collects and processes personal data from applicants for the purposes of handling the application process. This processing may be electronic too. This is specifically the case if an applicant transfers relevant application documents to the controller by electronic means, for example by email or using a web form on the website. If the controller enters into an employment contract with the applicant, the transferred data for the purposes of processing the employment relationship are stored taking legal regulations into account. If an employment contract is not entered into with the applicant by the controller, the application documents will be automatically deleted two months after the rejection is announced, if this deletion does not conflict with any other of the controller’s legitimate interests. In this context any other legitimate interest is, for example, the burden of proof in proceedings based on the General Equal Treatment Act (AGG).

     

    13. Data protection provisions regarding the use of Facebook

    The controller has integrated Facebook components into this website. Facebook is a social network.

    A social network is a social meeting place operated on the Internet, an online community that generally allows users to communication with each other and interact in a virtual space. A social network can serve as a platform to exchange opinions and experiences or allow the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network through friend requests, among other things.

    The company that runs Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

    Every time one of the individual pages on this website run by the controller is accessed, which Facebook components (Facebook plug-ins) have been integrated into, the Internet browser on the data subject’s information technology system is automatically prompted by the respective Facebook components to download a representation of the relevant Facebook components from Facebook. A comprehensive summary of all the Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/?locale=de_DE.  As part of this technical process, Facebook receives knowledge about which specific subpage on our website is visited by the data subject.

    If the data subject is logged into Facebook at the same time, Facebook identifies which specific subpage on our website the data subject visits every time they access our website and during the whole time they are on our website. This information is collected by Facebook components and assigned to the data subject’s respective Facebook account by Facebook. If the data subject clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or the data subject posts a comment, Facebook assigns this information to the data subject’s personal Facebook user account and stores this personal data.

    Facebook always receives information through the Facebook components that the data subject has visited our website if the data subject is logged into Facebook at the same time as accessing our website; this happens regardless of whether the data subject clicks the Facebook components or not. If the data subject does not want this kind of transfer of information to Facebook, they can prevent this by logging out of their Facebook account before accessing our website.

    The data privacy regulation published by Facebook, which is available at https://de-de.facebook.com/about/privacy/ provides information about the collection, processing and use of personal data by Facebook. Furthermore, it also explains which settings options Facebook offers to protect the data subject’s privacy. Various applications are also available to suppress data transfer to Facebook. These kinds of applications can be used by the data subject to suppress data transfer to Facebook.

     

    14. Data protection provisions regarding the use of Google Analytics (with anonymisation function)

    The controller has integrated Google Analytics (with anonymisation function) components into this website. Google Analytics is a web analysis service. Web analysis is the gathering, collecting and analysing of data regarding website users’ behaviour. A web analysis service collects data, among other things, about from which website a data subject has arrived on a website (referrer), which website subpages were accessed or how often and for how long the subpage was viewed. Web analysis is primarily used to improve a website and for the cost-benefit analysis of online advertising.

    The operating company for Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

    The controller uses the add-on "_gat._anonymizeIp” for web analysis using Google Analytics. Using this add-on the IP address for the data subject’s Internet connection is abbreviated and anonymised by Google, if our websites are accessed from a European Union Member State or from other parties to the Agreement on the European Economic Area.

    The purpose of Google Analytics components is to analyse the stream of visitors to our website. Google uses the acquired data and information to analyse the use of our website, to compile online reports for us that highlight the activities on our websites and to provide other services associated with using our website.

    Google Analytics places a cookie on the data subject’s information technology system. An explanation of what cookies are is provided above. Placing the cookie allows Google to analyse the use of our website. Every time one of the individual pages on this website run by the controller is accessed, which Google Analytics components have been integrated into, the Internet browser on the data subject’s information technology system is automatically prompted by the respective Google Analytics components to transfer data to Google for the purposes of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the data subject’s IP address, which Google uses among other things to track the origin of users and clicks and consequently allow for commission settlements.

    Personal information, for example the access time, place from where access originated and frequency of visits to our website by the data subject are stored using cookies. With every visit to our website, these personal data, including the IP address of the Internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Under certain circumstances, Google discloses these personal data collected by this technical process to third parties.

    The data subject can prevent our website from placing cookies at any time by changing the settings in their Internet browser, thus permanently rejecting the placing of cookies, as described above. Adjusting the Internet browser’s settings in this way would also prevent Google Analytics from placing a cookie on the data subject’s information technology system. A cookie already placed by Google Analytics can also be deleted at any time through the Internet browser or using other software programmes.

    Furthermore, the data subject has the option of objecting to the use of data from this website and the processing of these data by Google and preventing this. The data subject has to download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout for this. This browser add-on informs Google Analytics using JavaScript that data and information regarding visits to websites are not allowed to be transferred to Google Analytics. The installation of the browser add-on is evaluated as an objection. If the data subject’s information technology system is deleted, formated or reinstalled at a later time, the data subject has to reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person authorised to do so, there is the option of reinstalling or reactivating the browser add-on.

    More information and the valid data privacy provisions can be obtained from Google at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.  Google Analytics is explained in more detail here https://www.google.com/intl/de_de/analytics/

     

    15. Data protection provisions regarding the use of YouTube

    The controller has integrated YouTube components into this website. YouTube is an online video portal that allows video publishers to post video clips free of charge and allows other users to watch, rate and comment on them free of charge too. YouTube permits the publication of all kinds of videos, which is why both complete film and television programmes and also music videos, trailers or videos produced by users themselves are accessible on the online portal.

    The operating company for YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

    Every time one of the individual pages on this website run by the controller is accessed, which YouTube components (YouTube videos) have been integrated into, the Internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube components to download a representation of the relevant YouTube components from YouTube. More information can be obtained about YouTube at https://www.youtube.com/yt/about/de/.  As part of this technical process, YouTube and Google receive knowledge about which specific subpage on our website is visited by the data subject.

    If the data subject is logged into YouTube at the same time, YouTube identifies which specific subpage on our website the data subject visits when they access a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the data subject’s respective YouTube account.

    YouTube and Google always receive information through the YouTube components that the data subject has visited our website if the data subject is logged into YouTube at the same time as accessing our website; this happens regardless of whether the data subject clicks a YouTube video or not. If the data subject does not want this kind of transfer of information to YouTube and Google, they can prevent this by logging out of their YouTube account before accessing our website.

    The data privacy policies published by YouTube available at https://www.google.de/intl/de/policies/privacy/ provide information about the collection, processing and use of personal data by YouTube and Google.

     

    16. Data protection provisions regarding the use of Google Maps

    This website uses Google Maps to display maps and provide directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website you declare that you agree to the gathering, processing and use of automatically collected data and data you entered by Google, one of their representatives or a third party provider. You can find the Terms of Use for Google Maps at http://www.google.com/intl/de_de/help/terms_maps.htmlgoes really well with this. You can find detailed information in the google.de data privacy center at http://www.google.de/intl/de/policies/privacy/goes really well with this.

     

    17. Data protection provisions regarding the use of Typekit web fonts

    We integrate external fonts on our website from Typekit, a service offered by the company Adobe Systems Incorporated, 345 Park Ave, San Jose, CA 95110, USA. These web fonts are integrated by accessing a server at Adobe. As far as we are aware, at least the IP address of the visitor to our website is stored by Adobe. You can find more detailed information in the Typekit data privacy notices, which you can access here: www.adobe.com/de/privacy/typekit.html

     

    18. Lawfulness of processing

    Our company uses Article 6 I point (a) of the GDPR as the legal basis for processing where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case for example with processing that is necessary to supply goods or provide any other service or service in return, the processing is based on Article 6 I point (b) of the GDPR. The same applies to processing that is required to carry out prior to entering into a contract, for example in cases of enquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to comply with tax obligations, the processing is based on Article 6 I point (c) of the GDPR. In rare cases, the processing of personal data might be required to protect the data subject’s or another natural person’s vital interests. This would be the case, for example, if a visitor to our company were to be injured and his name, age, health insurance details and other vital information had to be disclosed to a doctor, hospital or other third parties. Processing would then be based on Article 6 I point (d) of the GDPR. Finally, processing could be based on Article 6 I point (f) of the GDPR. This legal basis applies to processing that is not covered by any of the aforementioned legal bases if it is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests, fundamental rights and freedoms of the data subject. We are permitted to carry out this processing as it was mentioned specifically be the European legislator. It took the view that a legitimate interest might be assumed if the data subject is a client of the controller (Recital 47, point (2) of the GDPR).

     

    19. Legitimate interests in processing pursued by the controller or a third party

    Where the processing of personal data is based on Article 6 I point (f) of the GDPR, our legitimate interest is to conduct our business for the benefit of all our staff and shareholders’ welfare.

     

    20. Personal data storage period

    The criterion for how long personal data is stored is the respective statutory retention period. Once this period expires, the corresponding data are routinely deleted as long as they are no longer required for the performance of a contract or entering into a contract.

     

    21. Statutory and contractual regulations regarding the provision of personal data; requirement for conclusion of contract; the data subject’s obligation to provide personal data; possible consequences of non-provision

    We are informing you that the provision of personal data is partly stipulated by law (e.g. tax regulations) or may result from contractual regulations (e.g. details regarding the contractual partner). Sometimes it may be necessary for the conclusion of a contract that a data subject provides us with personal data that consequently have to be processed by us. For example, the data subject is obligated to provide us with personal data if our company concludes a contract with them. If this personal data is not provided, the consequence would be that the contract could not be concluded with the data subject. The data subject must contact our data protection officer before they provide personal data. Our data protection officer explains on an individual basis to the data subject whether the provision of personal data is stipulated by law or the contract or is required to conclude the contract, whether there is an obligation to provide personal data and what the consequences would be of not providing personal data.

     

    22. Automated decision-making

    As a responsible company, we do not use any automated decision-making or profiling.

    This data privacy policy was prepared by the GDPR data privacy policy generator from the German Association for Data Protection, in cooperation with RC GmbH, which recycles used IT and the media law lawyers from WILDE BEUGER SOLMECKE | Rechtsanwälte.