Privacy Policy of GSR Services GmbH

With the following information, we would like to expressly explain to you how we handle your data in our company when you visit this website and how we have implemented the legal requirements in this respect.

For better understanding and a better overview, there is now a table of contents, which should enable you to find individual explanations and notes more quickly.

Table of Contents

I. Introduction/Overview

II. Scope

III. definitions

1. Personal data

2. Data Subject

3. processing

4. Restriction of processing

5. Profiling

6. Pseydonymization

7. File system

8. Responsible

9. Processors

10. Recipient

11. Third

12. Consent

13. Breach of personal data protection

14. Cookies

15. IP address

16. Browser

17. Referrer URL

18. Plugin

IV. Controller and data protection officer

1. Responsible of GSR Services GmbH

2. Data Protection Officer

V. General information

VI. Data Collection and Storage

1. Collection of general data and information when using our website

2. Contacting us via email

VII. Cookies

VIII. Integration of Third-Party Services and Content

1. Integration of Google Maps

2. Use of Google Analytics with anonymization function

3. Use of Facebook Social Plugins

4. Twitter Plugin

5.Google Plus

6. YouTube

7. Vimeo

8. Matomo (formerly Piwik)

IX. RSS feed

X. Data protection for applications and application procedures

XI. Data transfer to third parties

XII. SSL or TLS encryption

XIII. Existence of automated decision-making

XIV. Rights of the data subject

1. Right to information

2. Right to rectification

3. Right to delete

4. Right to restriction of processing

5. Right to information

6. Right to data portability

7. right to

8. Right to revoke the declaration of consent under data law

9. Automated individual decision-making including profiling

10. Right to complain to a supervisory authority

XV. Change to our privacy policy 

I. Introduction/Overview

Data protection has always been an important issue. Because only through data protection is it possible to protect each individual from the fact that his personal rights and/or other rights are impaired by the handling of his personal data.

Every company needs and maintains data so that a company can exist at all.

Unfortunately, due to the ever-expanding digital networking, the risk of data misuse is also increasing.

In principle, however, the companies that collect, store or process data should not be protected.

Rather, each individual should be protected against data misuse and thus in particular against a violation of his or her personal rights.

For this reason, data protection has always had a particularly high priority for our company.

It is therefore not only our claim, but also a requirement of the legislator to ensure that your data enjoys the best possible protection.

Our data protection practices are therefore always in line with applicable laws.

Legal requirements for data protection include, in particular, the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

We have initiated and implemented numerous measures in our company, both technical and organizational, to ensure the most complete protection of your personal data.

In this data protection declaration and the following statements and information, we would like to inform you as comprehensively and clearly as possible about why we collect and process personal data, when, where and how or for what purpose.

At the same time, we would like to inform you about the rights you have in this context as the data subject.

From the following explanations you can see to what extent we collect and process personal data when using our website and what your rights are.

For better understanding, this data protection declaration is divided into individual sections and provided with headings. The headings already show what the individual section is about.

In addition, we have defined the terms used in particular by the legislator and the terms that we believe are not known to everyone in a separate section so that it is easier for you to understand this data protection declaration and you can look up the terms at any time.

In this context, we have also added references to numerous terms in the individual sections, where the corresponding explanation of the term or the corresponding definition can be found so that it can be read quickly.

Furthermore, we have specifically named the legal basis in the individual sections, which entitles us to collect and process the relevant personal data.

At the same time, we have also stated the purpose and, if possible, the duration of the processing in the individual sections.

We also point out in the individual sections which specific rights you are entitled to in the corresponding data processing.

In addition, the rights to which you are entitled are repeated again in a separate section, stating the relevant legal provisions, so that you can find out about the rights to which you are entitled at any time without having to search in the individual sections.

If the following information and explanations are not sufficient for you and/or if they are incomprehensible to you despite our efforts, our data protection officer (see IV. 2.) and/or our other employees are always at your disposal for queries, suggestions, criticism, etc . to disposal.

You can find the contact options either in this declaration and/or in our imprint.

II. Scope

This website is operated by GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen. This data protection declaration therefore applies to our entire homepage and our entire website.

Further information about our company can be found in our imprint at any time.

III. definitions

We have already pointed out at the beginning that the legal provisions on data protection result in particular from the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

You can find the current version of the aforementioned laws at the following links:

– General Data Protection Regulation (GDPR): https://dsgvo-gesetz.de

– Federal Data Protection Act (BDSG): https://dsgvo-gesetz.de/bdsg-neu/

– Telemedia Act (TMG): https://www.gesetze-im-internet.de/tmg/

This data protection declaration therefore meets the requirements and specifications of the aforementioned laws.

For this reason, we also use definitions and terms from these laws in this data protection declaration.

We also use terms from computer language and the IT industry.

For easier and better understanding, we would first like to explain and define the most important terms used below. The legislator has also used these definitions, in particular in the General Data Protection Regulation (GDPR). For this reason, in the following explanations and definitions, we have also named the corresponding legal regulations, where possible, from which these definitions result.

1. Personal data
(see also Article 4 No. 1 GDPR)

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data Subject
(see also Article 4 No. 1 GDPR)

Affected person is any identified or identifiable natural person whose personal data is processed.

3. processing
(see also Article 4 No. 2 GDPR)

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, use , disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

4. Restriction of processing
(see also Article 4 No. 3 GDPR)

Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.

5. Profiling
(see also Article 4 No. 4 GDPR)

Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects related to work performance, economic situation, health, personal preferences analyze or predict that natural person's interests, reliability, conduct, whereabouts or relocation.

6. Pseudonymization
(see also Article 4 No. 5 GDPR)

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

7. File system
(see also Article 4 No. 6 GDPR)

File system is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is centralized, decentralized or organized according to functional or geographic aspects.

8. Responsible
(see also Article 4 No. 7 GDPR)

The person responsible is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; if the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

9. Processors
(see also Article 4 No. 8 GDPR)

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible party.

10. Recipient
(see also Article 4 No. 9 GDPR)

Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation under Union or Member State law are not considered recipients; the processing of this data by the said authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.

11. Third
(see also Article 4 No. 10 GDPR)

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data.

12. Consent
(see also Article 4 No. 11 GDPR)

Consent is any expression of will voluntarily given by the data subject for a specific case, in an informed manner and unequivocally in the form of a declaration or other clear affirmative action, with which the data subject indicates that they are processing their personal data agrees.

13 Breach of personal data protection
(see also Article 4 No. 12 GDPR)

Personal data breach is a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed became.

14. Cookies

Cookies are data sets that are stored on the user's computer by a web server. When you connect again, they are sent back to the web server that sets the cookie with the aim of recognizing the user and his or her settings. It is a file created locally on the user's computer that assigns the user a specific identity consisting of numbers and letters.

The classification of cookies as personal data depends on the technical design of the cookies.

If only a randomly generated number-letter combination is stored on the user's computer by a cookie, the user himself cannot be identified. An assignment is only possible with the additional knowledge of which combination was saved on which computer. The operators of websites do not have this additional knowledge if they only use cookies with exclusively random elements.

If the operator installs the name of the user or his e-mail address in the cookie, the user has regularly provided the operator with the relevant information and thus disclosed his identity himself, for example when creating a customer/user profile, as part of an order on the website Company website, when using an e-mail inbox from the same operator, when participating in surveys on the website and the like. The user's system can be programmed in such a way that this additional information is included in the identification combination of the cookie. If the user's name or e-mail address is integrated into the cookie, the user can be identified. The cookie is classified as personal data.

A combination of cookies and IP addresses is also possible. In this constellation, the operator of the visited website saves IP addresses and immediately relates them to the specified cookies, ie he saves in a database which IP address was assigned which cookie. The identifiability of the user presupposes that the operator of the website can assign the IP address to a specific user without disproportionately great effort in terms of time, costs and personnel.

Whether IP addresses themselves represent personal data has not yet been decided uniformly in German case law. It could therefore be assumed that an IP address falls under the concept of personal data.

As a rule, most of the cookies used are deleted after the end of the respective browser session (so-called session cookies). Other cookies remain on the user's computer and enable the operator of the respective website to recognize the user's computer on his next visit (so-called permanent cookies).

Cookies are usually used to make visiting a website attractive and to enable the use of certain functions.

Each user can set their browser so that the browser informs the user about the placement of cookies. This makes the use of cookies transparent for the user.

Of course, the respective user can also set up their browser in such a way that cookies are not stored on their computer or cookies that have already been stored are deleted.

To do this, you must first call up the browser you are using, such as Internet Explorer, Firefox, etc. There you can block cookies and/or make other cookie settings under the Settings section under the heading Privacy Policy.

You can also find more detailed information in the data protection declarations of your respective browser provider.

15. IP address

An IP address is an address in computer networks which – like the internet – is based on the internet protocol (IP). It is assigned to devices that are connected to the network, making the devices addressable and therefore accessible. The IP address can designate a single recipient of a group of recipients. Conversely, multiple IP addresses can be assigned to a computer.

The IP address is primarily used to be able to transport data from the sender to the intended recipient.

16. Browser

Browsers are special computer programs for displaying websites on the Internet (World Wide Web) or documents and data in general.

17. Referrer URL

On the Internet, referrer URL refers to the website via which the user came to the current website or file.

18. Plugin

A plug-in is a software program that independently covers a partial functionality and thus expands the functionality of an overall system. A higher-level platform is required to run a plug-in, which in turn provides the necessary interfaces for integrating the plug-in. Plug-ins are not to be confused with add-ons, which only supplement existing software as an option and do not provide any libraries of their own, but only use the existing ones.

The plug-ins are in most cases from third parties and only rarely from the same manufacturer of the main program.

Well-known programs are B. the Flash Player, Java or PDF plug-ins for web browsers such as Internet Explorer or Mozilla Firefox. These extended browsers with functions for displaying file formats (e.g. video streaming, PDF documents) that are not supported by default. Another advantage of the external plug-ins is that they only have to be loaded when they are really needed. This saves resources and allows them to be used in a more targeted manner in normal browser use.

IV. Controller and data protection officer

At this point we would like to inform you who is responsible (for definition see III. 8.) and who is the data protection officer for our company.

1. Responsible

GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen, represented by the managing director Henning Gramann, ibid

The contact details of the person responsible are as follows:

GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen
Telephone: +49 (0)4135 31789 – 50
E-mail: henning.gramann@gsr-services.com 
Website: http://www.gsr-services.com 

You can also find further information in our imprint on the person responsible.

2. Data Protection Officer

In principle, a data protection officer is only required if at least 10 people are constantly busy with the automated processing of personal data in the company.

This is not the case in our company. There are exceptions to this rule though. However, the prerequisites for these exemptions do not apply to our company. Therefore we do not need a data protection officer.

You can therefore contact any of our employees in data protection matters. The contact details can be found in this declaration and/or in our imprint.

V. General information

As a rule, you can use our homepage or our Internet pages without having to provide any personal information.

However, if you would like to make use of special services from our company, for example as a customer, business partner, etc., processing of your personal data (see III.1.) could become necessary.

This is particularly the case when Sicontact us via email.

In this context, we would like to expressly clarify that, despite the technically possible security precautions we have taken, internet-based data transmissions can have security gaps and we cannot therefore guarantee absolute protection.

For this reason, you can of course also transmit personal data to us in alternative ways, for example in person or by telephone. You can find the contact options in our imprint at any time and/or ask us personally.

VI. Data Collection and Storage

In principle, our website can be used without any indication of personal data. Nevertheless, data is collected and stored every time our website is accessed. You also have the option of contacting us by email.

Which data is collected and processed, the legal basis that authorizes us to do so, the purpose, the duration of storage and your rights in connection with this should be explained here.

1. Collection of general data and information when using our website

Each time our website is accessed, information is automatically collected and stored. Specifically, this involves the following information or data:

– Website name
– file
- Date
- Time
– amount of data
– Web browser and web browser version
- Operating system
– the domain name of your Internet provider
– the so-called referrer URL
– the IP address.

The above data or information is automatically transmitted to us by your browser.

This information is general and does not allow us to draw any conclusions about your person; So you remain anonymous. This data or information will not be merged with other data sources.

In this context, however, we reserve the right to subsequently check this information, also known as server log files, if we become aware of concrete indications of illegal use or if we are legally obliged to do so by a third party.

This data collection serves to present the content of this website and for statistical purposes. The data collection helps us in particular to optimize the technology. The collection of the aforementioned data is therefore absolutely necessary.

The legal basis for the aforementioned data collection is Article 6 Paragraph 1 Clause 1 f GDPR.

This data is generally stored by us for a period of 60 days and then deleted, unless we have been legally obliged by a third party to continue to store this data and/or we have concrete indications of illegal use.

The collection and storage of this data is absolutely necessary for the provision and operation of our website. There is therefore no possibility of objection and/or elimination.

2. Contacting us via email

A quick electronic contact with us is possible at any time by e-mail. If you contact us by e-mail, your e-mail address, your name and, if you provide other personal data, this will also be automatically saved. This personal data, which you transmit to us on a voluntary basis, is stored for the purposes of processing and/or contacting you. In this respect, this personal data will not be passed on to third parties.

The legal basis for this data collection is Article 6 Paragraph 1 f GDPR. If the e-mail contact is aimed at concluding a contract, the legal basis for processing is Article 6 Paragraph 1 b GDPR.

We will delete this data as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective e-mail conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the communication cannot be continued. The revocation of the consent is possible informally. You can therefore send this revocation in writing, by e-mail, by telephone, etc. directly to our data protection officer and/or one of our other employees. The corresponding contact details can be found in this declaration and/or in our imprint.

In the event of revocation, we will delete all personal data that we stored in the course of contacting you.

VII. Cookies

We use so-called cookies on our homepage and on our Internet pages (for a definition, see III.14.). In detail, we use both session cookies and permanent cookies on our homepage and on our Internet pages (for definition see III.14.).

We use cookies for analysis and optimization purposes. Cookies are not used to run programs or load viruses onto your computer.

Cookies contain e.g. B. Information about the previous accesses of the user to the corresponding server or information about which offers have been accessed so far.

This enables us to continuously improve our offer and make it more convenient.

Data collection is therefore absolutely necessary.

The legal basis for the aforementioned data collection is Article 6 Paragraph 1 Clause 1 f GDPR.

Although no consent is required due to Article 6 Paragraph 1 Clause 1 f GDPR, we display a cookie warning the first time you visit our site, with which we expressly point out again that cookies are being used. At the same time, we also obtain your consent to the use of cookies by giving the user consent to the use of cookies by clicking the button.

Any consent you may have given is also the legal basis.

You have the right to object to the use of cookies or the right to remove them. You therefore have the option of rejecting the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or by using additional programs. For more information, please refer to the explanations under III.14. and/or the data protection declaration and the help function of the browser or browser provider you are using.

VIII. Integration of services and content of third parties

We have integrated the services of third parties on our homepage in order to make our homepage and our offer more attractive and to expand them.

1. Integration of Google Maps

We use Google Maps on our website. This enables us to show you interactive maps directly on the homepage and enables you to conveniently use the map function.

Google Maps is a component of Google Inc., 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA. With each individual call-up of the “Google Maps” component integrated by us, Google sets a cookie (for a definition, see III. 14) in order to process user settings and user data when the website on which the “Google Maps” component is integrated is displayed .

As a rule, this cookie is not deleted by closing the browser, but expires after a certain period of time, unless you delete it manually beforehand.

If you do not agree to this processing of your data, you have the option of deactivating the "Google Maps" service and thereby preventing the transmission of data to Google. To do this, you need to deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use "Google Maps" or only to a limited extent.

The use of "Google Maps" and the information obtained via "Google Maps" takes place in accordance with the Google Terms of Use, which can be found under the following link https://policies.google.com/trms?hl=de and the additional terms and conditions for "Google Maps “ https://www.google.com/intl/de_US/help/trms_maps.html. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account.

We use Google Maps on our homepage or our website to make our homepage more attractive for the user.

The legal basis is therefore Article 6 Paragraph 1 f GDPR.

If you do not wish to be associated with your profile on Google, you must log out of your Google account before using the "Google Maps" component. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our homepage. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

Google also processes your personal data in the USA and has submitted to the EU-US privacy shield: https://www.privacyshield.gov.

2. Use of Google Analytics with anonymization function

We use Google Analytics on this website, a web analytics service provided by Google Inc. 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies (for definition see III. 14.). These cookies are stored on your computer and enable us to analyze how you use our website.

The information generated by these cookies, such as the time, place and frequency of your website visits, including your IP address, is transmitted to Google in the USA and stored there.

We use Google Analytics with an IP anonymization function on our website. In this case, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thereby made anonymous.

Google will use this information to evaluate your use of our website, to compile reports on website activity for us and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.

We use Google Analytics with an IP anonymization function for analysis purposes and the associated continuous improvement of our offer.

The legal basis is therefore Article 6 Paragraph 1 f GDPR.

According to their own statements, Google will under no circumstances associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you can if applicable not use all functions of our website in full.

Furthermore, Google offers a deactivation option for the most common browsers, which gives you more control over which data is collected and processed by Google. If you activate this option, no information about the website visit will be transmitted to Google Analytics. However, activation does not prevent information from being transmitted to us or to other web analysis services we may use. You can find more information about the deactivation option provided by Google and how to activate this option via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

3. Use of Facebook Social Plugins

Currently without application.

4. Twitter Plugin

Currently without application.

5.Google Plus

Currently without application.

6. YouTube

Our homepage and our website uses plug-ins from YouTube for the integration and display of video content. YouTube is an internet video portal. The provider of this video portal is YouTube, LLC, 901 Caerry Ave, San Bruno CA 94066, USA (www.youtube.com).

When accessing content from our homepage or our Internet pages with an integrated YouTube plug-in, a connection to the YouTube servers is automatically established. This tells YouTube which of our Internet pages or what content you have accessed on our Internet pages.

If you have your own YouTube account, YouTube can assign your surfing behavior directly to your account or your personal profile if you are logged into your YouTube account at the time. By logging out beforehand, you have the option of preventing or preventing this.

The integration of YouTube in our homepage is in the interest of an attractive presentation of our online offers.

The legal basis is therefore Article 6 Paragraph 1 f GDPR.

Details on handling user data can be found in YouTube's data protection declaration at https://www.google.de/intl/de/policies/privacy.

7. Vimeo

Our homepage or our website uses plug-ins from Vimeo for the integration and display of video content. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (www.vimeo.com).

When accessing the content of our website with an integrated Vimeo plug-in, a connection to the Vimeo servers is established. This tells Vimeo which of our pages you have accessed. Vimeo learns your IP address even if you are not logged in to the video portal and/or do not have an account there. The information recorded by Vimeo is transmitted to the video portal server in the USA.

Vimeo can assign your usage behavior directly to your profile. By logging out beforehand, you have the option of preventing or preventing this.

The integration of Vimeo plug-ins on our homepage or our website is in the interest of an attractive presentation of our online offers.

The legal basis is therefore Article 6 Paragraph 1 f GDPR

Details on how to handle user data can be found in Vimeo's privacy policy https://vimeo.com/privacy.

8. Matomo (formerly Piwik)

Our homepage and our website use the web analysis service Matomo. Matomo (formerly Piwik). Matomo is an open source solution.

Matomo uses so-called "cookies" (for definition see III.14.). The information generated by the cookie about the use of our homepage or our website is stored on our server. However, your IP address is anonymised before it is saved.

Matomo cookies remain on your end device until you delete them.

The information stored in the Matomo cookie about the use of our homepage or our website is not passed on. We use Matomo for the anonymous analysis of user behavior in order to optimize and improve our offer, including our advertising offer.

The legal basis is therefore Article 6 Paragraph 1 f GDPR.

The setting of cookies by your web browser can be prevented.

In this respect, we expressly refer to the statements under III.14.

However, some functions of our homepage or our website could be restricted as a result.

IX. RSS feed

Currently without application.

X. Data protection for applications and application procedures

We offer that applications are sent to us electronically by e-mail.

We collect, store and process the personal data of applicants for the purpose of processing the application process.

If we conclude an employment contract with an applicant, the data transmitted to us in the application process will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If we do not conclude an employment contract with the applicant, the application documents will be deleted 6 months after notification of the rejection decision if there are no other legitimate interests opposed to deletion on our part, such as a burden of proof in court proceedings.

The legal basis for this is Article 6 Paragraph 1 f GDPR and Article 6 Paragraph 1 b GDPR

You have the option to revoke your consent to the processing of personal data at any time. If you apply to us by email, you can object to the storage of your personal data at any time. In such a case, the communication cannot be continued, ie your application cannot be processed further, with the result that an employment relationship may not result. The revocation of the consent is possible informally. You can therefore send this revocation in writing, by e-mail, by telephone, etc. directly to our data protection officer and/or one of our other employees. The corresponding contact details can be found in this declaration and/or in our imprint.

In the event of revocation, all personal data stored by us in the course of the application will be deleted by us, unless there is a legitimate interest on our part, such as the burden of proof in court proceedings.

XI. Data transfer to third parties

We will not share your personal information with any third party unless we notify you of the disclosure. Our IT service provider has access to our stored data in order to correct errors and enable us to carry out the required technical and organizational measures.

The legal basis for this is Article 6 Paragraph 1 f GDPR and Article 6 Paragraph 1 b GDPR. Our IT service provider was carefully selected by us and commissioned in writing. He is bound by our instructions and is regularly checked by us. The service provider will not pass this data on to third parties.

Apart from the cases explained in this data protection declaration, we only pass on data to third parties without the express consent of the user if we are obliged to do so by law or an official or court order.

The collection and storage of this data is absolutely necessary for the operation and maintenance of our entire IT. There is therefore no possibility of objection and/or elimination

XII. SSL or TLS encryption

Currently without application.

XIII. Existence of automated decision-making

As a responsible company we refrain from automatic decision-making or profiling.

XIV. Rights of the data subject

The rights of the data subject are of particular concern to us. The rights of the data subject are one of the most important elements of the legal requirements. We would therefore like to particularly emphasize the rights of the data subject at this point. We have therefore refrained from presenting the rights of the data subject in the above information. In our opinion, the rights of the data subject should be set out in a separate section at this point to ensure that the rights of the data subject can be found and read easily at any time.

The rights of the data subject result explicitly from the General Data Protection Regulation (GDPR). They are regulated in Articles 12 to 23 of the General Data Protection Regulation (GDPR).

In detail, the data subject has the following rights:

1. Right to information
(see also Article 15 GDPR)

Every data subject has the right to request confirmation from us, i.e. the person responsible, as to whether personal data relating to the data subject is being processed by us (so-called right to confirmation). The information must be provided free of charge.

If such processing is present, you can request information from us about the following information in accordance with Article 15 GDPR:

  • (1) the processing purposes;
  • (2) the categories of personal data being processed;
  • (3) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • (4) where possible, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period;
  • (5) the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing;
  • (6) the existence of a right of appeal to a supervisory authority;
  • (7) if the personal data are not collected from the data subject, all available information about the origin of the data;
  • (8) the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

In addition, the data subject has a right to information as to whether personal data is being or has been transmitted to a third country or to an international organization. In this context, the data subject can request to be informed of the appropriate guarantees pursuant to Article 46 GDPR in connection with the transfer.

If a data subject intends to make use of this right to information, they can contact our data protection officer (see IV. 2. for definition) and/or one of our other employees at any time. The corresponding contact details can be found in this declaration and/or in our imprint.

2. Right to rectification
(see also Article 16 GDPR)

Every data subject has the right to demand immediate correction and/or completion from us, i.e. the person responsible, if the processed personal data concerning them is incorrect or incomplete. If correction and/or completion is requested from us, we must carry out this correction immediately.

If an affected person intends to assert this right to rectification or completion, they can contact our data protection officer (see IV. 2. for definition) and/or another of our employees at any time. The corresponding contact details can be found in this declaration and/or in our imprint.

3. Right to Erasure (“Right to be Forgotten”)
(see also Article 17 GDPR)

Every data subject has the right to demand from us, i.e. the person responsible, that the personal data concerning them be deleted immediately if one of the following reasons applies, provided that the processing is not necessary:

  • (1) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • (2) The data subject revokes their consent on which the processing was based pursuant to Article 6 Paragraph 1 a or Article 9 Paragraph 2 a GDPR and there is no other legal basis for the processing.
  • (3) The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
  • (4) The personal data was processed unlawfully.
  • (5) The erasure of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
  • (6) The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

If we, i.e. the person responsible, have made the personal data public and if we are obliged to delete them in accordance with Article 17 (1) GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to ensure that the data processing To inform those responsible who process the personal data that a data subject has requested them to delete all links to this personal data or copies or replications of this personal data.

However, the right to erasure does not exist if the processing is necessary

  • (1) on the exercise of the right to freedom of expression and information;
  • (2) to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task of public interest or in the exercise of official authority conferring on the controller has been;
  • (3) for reasons of public interest in the field of public health pursuant to Article 9 Paragraph 2 a and i GDPR and Article 9 Paragraph 3 GDPR;
  • (4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right specified in Article 17 (1) GDPR (right to erasure) is likely to achieve the objectives of this processing renders impossible or seriously impairs, or
  • (5) to assert, exercise or defend legal claims.

If an affected person intends to exercise this right to erasure, they can contact our data protection officer (see IV. 2.) and/or another of our employees at any time. The corresponding contact details can be found in this declaration and/or in our imprint.

4. Right to restriction of processing
(see also Article 18 GDPR)

Every data subject has the right to request that we, i.e. the person responsible, restrict the processing if one of the following conditions is met:

  • (1) the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;
  • (2) the processing is unlawful and the data subject refuses to have the personal data erased and instead requests that the use of the personal data be restricted;
  • (3) the person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
  • (4) the data subject has lodged an objection to the processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If the processing of the personal data concerning you has been restricted, this personal data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important processed in the public interest of the Union or a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by us before the restriction is lifted.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, the data subject can contact our data protection officer (see IV. 2.) and/or one of our data protection officers at any time contact other employees. The corresponding contact details can be found in this declaration and/or in our imprint.

5. Right to information
(see also Article 19 GDPR)

If you have asserted the right to correction, deletion or restriction of processing against us, i.e. the person responsible, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing , unless this proves impossible or involves a disproportionate effort.

You therefore have the right to be informed about these recipients.

If you wish to make use of this right to information, you can contact our data protection officer (see IV. 2) and/or another of our employees at any time. The contact details can be found in this declaration and/or in our imprint.

 

6. Right to data portability
(see also Article 20 GDPR)

Every data subject has the right to receive the personal data concerning them, which they have provided to the person responsible, i.e. us, in a structured, common and machine-readable format. In addition, every data subject has the right to transfer this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

  • (1) the processing is based on consent pursuant to Article 6 Paragraph 1 a GDPR or Article 9 Paragraph 2 a GDPR or on a contract pursuant to Article 6 Paragraph 1 b GDPR and
  • (2) the processing is carried out using automated procedures.

In exercising this right, the data subject also has the right to have the personal data concerning them transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The prerequisite for this, however, is that the freedoms and rights of other people are not impaired.

However, this right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible, i.e. us.

If an affected person intends to assert this right to data transferability, they can contact our data protection officer (see IV. 2.) and/or another of our employees at any time. The corresponding contact details can be found in this declaration and/or in our imprint.

7. right to
(see also Article 21 GDPR)

Every data subject has the right, for reasons arising from their particular situation, to object at any time to the processing of personal data relating to them, which is based on Article 6 (1) e or f GDPR; this also applies to profiling based on these provisions.

We, as the person responsible, no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend against legal claims.

If the personal data is processed in order to carry out direct advertising, each data subject has the right to object at any time to the processing of personal data concerning them for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Furthermore, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data relating to them for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR unless the processing is necessary to fulfill a task in the public interest.

In connection with the use of information society services, every data subject has the option of exercising their right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.

To exercise the right to object, the person concerned can of course also contact our data protection officer (see IV. 2) or another of our employees directly. The corresponding contact details can be found in this declaration and/or in our imprint.

8. Right to revoke the declaration of consent under data law
(see also Article 21 GDPR)

Every data subject has the right to revoke their consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

To exercise this right, the person concerned can contact our data protection officer (see IV. 2.) and/or another of our employees directly at any time. The corresponding contact details can be found in this declaration and/or in our imprint.

9. Automated individual decision-making including profiling
(see also Article 22 GDPR)

Every data subject has the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning them or similarly significantly affects them.

This does not apply if the decision

  • (1) is necessary for the conclusion or performance of a contract between the data subject and the person responsible,
  • (2) is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • (3) with your express consent.

However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 a or b GDPR applies and appropriate measures have been taken to protect the rights and freedoms and their legitimate interests.

With regard to the cases mentioned in (1) and (3), we, i.e. the person responsible, take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the person responsible , i.e. from us, to express your own point of view and to challenge the decision.

10. Right to complain to a supervisory authority
(see also Article 51 et seq. GDPR)

Without prejudice to other rights and/or legal remedies, every data subject has the right to lodge a complaint with the competent supervisory authority in the event of violations of data protection law. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based, i.e. the state data protection officer of Lower Saxony. The state data protection officer for data protection in Lower Saxony can be reached as follows:

Prinzenstrasse 5, 30159 Hanover
Phone: +49 (0) 511-1204500
Fax: +49(0)511-1204599.

The above supervisory authority to which a complaint is lodged will also inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

XV. Change to our privacy policy

In order to ensure that our data protection declaration always corresponds to the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adjusted due to new or revised services. The new data protection declaration will then take effect the next time you visit our homepage.