I. Name and address of the controller

The controller in terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the

Treuhand Weser-Ems GmbH Wirtschaftsprüfungsgesellschaft
Langenweg 55
26125 Oldenburg · Germany
Telefon: +49 (0) 441 9710-0
E-Mail: info@treuhand.de

Treuhand Rechtsberatung Hochhäusler · Duwe & Partner Partnerschaft von Rechtsanwälten mbB
Langenweg 55
26125 Oldenburg · Germany
Telefon: +49 (0) 441 9710-200
E-Mail: info@treuhand-recht.de

Treuhand Weser-Ems Unternehmensberatung GmbH
Langenweg 55
26125 Oldenburg · Germany
Telefon: +49 (0) 441 9710-254
E-Mail: beratung@treuhand.de

hereinafter collectively referred to as the person responsible. The aforementioned are solely responsible for the other processing of personal data.

II. Name and address of the Data Security Officer

The controller’s Data Security Officer is:

Dipl.-Kaufmann Phillip Reck
Treuhand Weser-Ems GmbH Wirtschaftsprüfungsgesellschaft
Langenweg 55
26125 Oldenburg · Germany
Telefon: +49 (0) 441 9710-219
E-Mail: reck@treuhand.de

III. Supervisory authority – German State’s Data Protection Commissioners

The task of the German State’s Data Protection Commissioners (LfD) is to monitor compliance with data protection regulations both by the authorities and other public authorities as well as by commercial enterprises and other non-public bodies in Lower Saxony, thus ensuring the right to informational self-determination.

Responsible authority in Lower Saxony:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover · Germany
Telefon +49 (0) 511 120-45 00
Fax +49 (0) 511 120-4599
www.lfd.niedersachsen.de

IV. General onformation about data processing

1. Extent of processing personal data

In principle, we only process our users’ personal data insofar as this is necessary, to provide a functioning website as well as our content and services. The processing of our users’ personal data only takes place on a regular basis with the consent of the user. An exception applies to cases, in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 sec. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 sec. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations required to carry out precontractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation our company is subject to, art. 6 sec. 1 lit. c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 sec. 1 lit. d of the GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not prevail over the former interest, art. 6 sec. 1 lit. f of the GDPR serves as the legal basis said processing.

3. Collaboration with processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant access to the data, this will only be done on the basis of legal permission (e.g. if transmission of the data to third parties, such as to payment service providers, is required to fulfill the contract in accordance with art. 6 sec. 1 lit. b of the GDPR), you have consented, a legal obligation stipulates it or based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data based on a so-called “Agreement on data processing”, this is conducted based on art. 28 of the GDPR.

4. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do this in the context of using third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements pursuant to art. 44 ff. of the GDPR are met. That means processing takes place e.g. on the basis of specific guarantees, such as the officially recognised identification of an EU compliant data protection standard (e.g. for the US through the Privacy Shield) or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

5. Data erasure and storage duration

The data subject’s personal data will be erased or blocked as soon as the purpose of the storage is no longer given. Furthermore, such storage may take place if this is stipulated by the European or national legislative authorities in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of the data also takes place if a retention period stipulated by the aforementioned standards expires, unless there is a need for the further storage of the data to conclude a contract or fulfill a contract. The data is blocked and not processed for other purposes. For instance, this applies to data, which must be retained for reasons subject to commercial or tax laws.

According to legal requirements, retention is, in particular, carried out for 6 years in accordance with § 257 sec. 1 of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual accounts, business letters, accounting records, etc.) and for 10 years in accordance with § 147 sec. 1 of the General Tax Code (AO) (books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation, etc.).

6. Security measures

We take appropriate technical measures in accordance with art. 32 of the GDPR, taking the best available technology, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons into account and appropriate technical and organisational measures, to ensure a level of protection appropriate for the risk; in particular, measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access it is affected by, input, disclosure, securing availability and its separation. Furthermore, we have established procedures, which ensure data subject rights being able to be exercised, data erasure and a reaction to data vulnerability. Moreover, we already consider the protection of personal data in the development phase or selection of hardware, software as well as procedures, according to the principle of data protection by technology design and by privacy-friendly default settings (article 25 of the GDPR).

In particular, the encrypted transfer of data between your browser and our server belongs to the security measures. This also applies to the transmission of emails between our server and our clients.

7. Changes and updates to the privacy policy

We kindly ask you to stay informed regarding the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we conduct require it. We will notify you as soon as the changes require your becoming active (e.g. consent) or other individual notification becomes necessary.

V. Data subject’s rights

If you your personal data/information is processed, you are a data subject in terms of the GDPR and you are entitled to the following rights vis-á-vis the controller:

1. Right of access by the data subject

You can request a confirmation from the controller on whether or not we have processed your personal data.

If your personal data has been processed, you can request to be informed of the following:

  • the purposes for wich the personal data is processed;
  • the categories of personal data, wich are processed;
  • the recipients or categories of recipients, to whom your personal data was disclosed or will be disclosed;
  • the planned duration of the storage of your personal data or, if specific information is not available here, criteria for determining the duration of storage;
  • the existence of a right to rectification or erasure of your personal data, a right to the restriction of processing by the controller or a right to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • all available information on the source of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making including profiling according to art. 22 sec. 1 and 4 of the GDPR and – at least in These cases – conclusive information

the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information on whether or not your personal data is transmitted to a third country or an international organisation. In this context, you can request being informed about the appropriate guarantees in accordance with art. 46 of the GDPR in connection with the transmission.

This right of access can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

2. Right to rectification

You have a right to rectification and/or completion vis-á-vis the controller if your processed personal data is incorrect or incomplete. The controller must make the correction without delay.

Your right to rectification can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

3. Right to restriction of processing

You can request a restriction of the processing of your personal data under the following conditions:

  • if you contest the accuracy of your personal information for a period of time, which allows the controller to review the accuracy of the personal data;
  • the processing is illegal and you object to the erasure of the personal data and instead, request the restriction of the use of the personal data;
  • the controller no longer requires the personal data for the purpose of processing however, you require it to assert, exercise or defend legal claims or
  • if you objected to processing pursuant to art. 21 sec. 1 of the GDPR and it is not yet determined whether the controller’s legitimate reasons override your reasons.

If the processing of your personal data has been restricted, this data can only be processed – with the exception of its storage – with your consent and for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural person or legal entity or for reasons of a significant public interest of the Union or of a Member State.

If processing was restricted according to the preceding conditions, you will be informed by the controller before the restriction is lifted.

Your right to restriction of processing can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and the restriction is required to fulfil the research or statistical purposes.

4. Right to erasure

a)     Obligation to erase

You can request the controller to immediately erase your personal data and the controller is obligated to immediately erase said data, provided that one of the following reasons applies:

  • Your personal data is no longer required for the purpose, for wich it was collected or otherwise processed.
  • You revoke your consent, wich was based on processing in accordance with art. 6 sec. 1 lit. a or 9 sec. 2 lit. a of theGDPR and there is no other legal basis for processing.
  • You object to processing in accordance with art. 21 sec. 1 of the GDPR and there are no overriding legitimate reasons for said processing or you object to processing in accordance with art. 21 sec. 2 of the GDPR.
  • Your personal data was processed illegally .
  • The erasure of your personal data is required to fulfill a legal Obligation under European Union law or the law of the Member States, wich the controller is subject to.
  • Your personal data was collected with regard to the offers of information society services in accordance with art. 8 sec. 1 of the GDPR.

b)     Information to third parties

If the controller publicised your personal data and is obligated to erase it in accordance with art. 17 sec. 1 of the GDPR, the controller will take appropriate measures taking the available technology and implementation costs into account, including technical means, to inform data controllers, which process the personal data, that you have requested them to erase all links pertaining to this personal data or copies or replications of this person data.

c)     Exceptions

There is no right to erasure if the processing is required

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation required by the law of the European Union or the Member States, which the controller is subject to or to carry out a task in the public interest or is carried out in exercising official authority, which was delegated to the controller;
  • for reasons of public interest in the field of public health in accordance with art. 9 sec. 2 lit. h and i as well as art. 9 sec. 3 of the GDPR;
  • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89 sec. 1 of the GDPR, to the extent that the law referred to in section a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  • to assert, exercise or defend legal claims.

5. Right to information

If you asserted the right to rectification, erasure or restriction of processing vis-á-vis the controller, the controller is obligated to notify all recipients, to which your personal data was disclosed, of this correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to request the controller to inform you of these recipients.

6. Right to data portability

You have the right to receive the personal data you provided to the controller in a structured, prevalent and machine-readable format. You also have the right to transfer this data to another controller without any hindrance by the controller the personal data was made available to, provided that

  • the processing is based on consent in accordance with art. 6 Abs. 1 lit. a GDPR or art. 9 sec. 2 lit. a of the GDPR or on a contract in accordance with art. 6 sec. 1 lit. b of the GDPR and
  • processing is conducted using automated procedures.

In exercising this right, you also have the right to initiate that your personal data is directly transmitted to another controller by a controller, insofar as this is technically feasible. The freedoms and rights of other persons can not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or which takes place in exercising official authority, which was delegated to the controller.

7. Right to object

You have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation and which is carried out in accordance with art. 6 sec. 1 lit. e or f of the GDPR; this also applies to a profiling based on these provisions.

The controller will no longer process your personal data unless it can verify compelling grounds for processing worthy of protection, which override your interests, rights and freedoms or processing serves asserting, exercising or defending legal claims.

If your personal data is processed to engage in direct advertising, you have the right to object to this processing of your personal data for the purpose of such advertising at any time; this also applies to profiling, insofar as it is associated with such direct advertising.

If you object to processing for the purpose of direct advertising, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in connection with the use of information society services, of exercising your right to object using automated procedures, which apply technical specifications.

You also have the right, for reasons that arise from your particular situation, to object to the processing of your personal data, which takes place for scientific or historical research purposes or for statistical purposes in accordance with art. 89 sec. 1 of the GDPR.

Your right to object can, insofar, be limited to the extent it is likely to render impossible or seriously affect the realisation of research or statistical purposes and that the restriction is required to fulfil the research or statistical purposes.

8. Right to revoke consent in line with data privacy

You have the right to revoke your consent in line with data privacy at any time. The revocation of consent does not affect the legality of processing conducted based on consent until the revocation has been effected.

9. Automated individual decision-making including profiling

You have the right not to be subjected to a decision-making process based solely on automated processing – including profiling – which will have a legal effect on you or which will significantly affect you in a similar manner. This does not apply if the decision

  • is required for the conclusion or implementation of a contract between you and the controller,
  • is permissible based on Union or Member State legislation, which the controller is subject to and these statutory provisions contain adequate measures, to safeguard your rights and freedoms and your legitimate interests or
  • take place with your explicit consent.

However, these decisions cannot be based on special categories of personal data according to art. 9 sec. 1 of the GDPR, unless art. 9 sec. 2 lit. a or g of the GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Regarding the cases referred to in (1) and (3), the controller will take appropriate measures to uphold the rights and freedoms and your legitimate interests, which at least include the right to obtain the intervention of an individual on the part of controller, to express one’s own position and be heard on contesting the decision.

10. Right to lodge a complaint with a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your abode, place of work or place of alleged violation if you believe, that the processing of your personal data violates the GDPR.

The supervisory authority the complaint was lodged with must inform the complainant of the status and results of the complaint including the possibility of a judicial remedy in accordance with art. 78 of the GDPR.

VI. Provision of the website and generation of logfiles

1. Description and scope of data processing

Our website is provided by our provider, with whom we have concluded a job processing contract. They provide us with infrastructure, storage space on the web server and technical support for the website.

Every time our website is called up our server automatically records data and information from the computer system of the computer making the call.

The following data is collected in the process:

  • The user’s IP address,
  • Date and time of the access,
  • The http request method (GET, POST etc.),
  • The transmission protocol used (http1.0, http1.1 etc.),
  • Status information of the server (call successful, redirection etc.),
  • Data quantity transmitted,
  • Websites from which the user’s system came to our website,
  • The address of the site making the call including per GET transferred data and
  • Information about the browser type, the version used and the user’s operating system.

In the case of a security-relevant incident all headers of the http communication between the browser and server, as well as the contents sent back to the server answer, will also be logged.

The data will also be stored in our system’s logfiles. This data will not be stored together with user personal data.

2. Legal basis for data processing

The legal basis for temporary storage of data and logfiles is Art. 6 (1) f of the GDPR.

3. Purpose of data processing

It is necessary for the system to store the IP address temporarily so as to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address has to be stored for the duration of the session.

This storage is made in logfiles so as to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. This data will not be evaluated for marketing purposes.

Our legitimate interest in these purposes can also be found in Art. 6 (1) f of the GDPR.

4. Duration of storage

Data will be erased as soon as it is no longer required for the purpose of its collection. If data is recorded to provide the features of the website, this data be the erased once the relevant session has been ended.

If data is recorded in logfiles, this will be the case after fourteen days at the latest. Storage beyond this period is possible. In this case users’ IP addresses will be erased or masked so that no allocation to the client will be possible.

5. Possibility to object and for rectification

Recording data to provide the website and storing the data in logfiles is essential for operating the website. The user cannot object to this.

VII. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are pieces of information transferred from our web server or third party-web servers to users’ web browsers and stored there to be called up later. Cookies may be small files or other types of information storage. Cookies contain characteristic strings that enable a clear identification of the browser.

We use so-called session cookies, which are only placed for the duration of the current visit to our website.

This is necessary in order to realise the functionality of our website. For example, this is the only way to enable your login status to be stored or the shopping basket to be provided and thus to use our online range at all.

A randomly generated, clear identification number will be placed in a session cookie, a so-called session ID. A cookie also includes disclosures about its origin and the duration of storage. These cookies cannot store any other data. Session cookies will be erased once you end your use of our online range and e.g. log out or close the browser.

We also use cookies on our website that enable an analysis of users’ surfing behaviour.

The following data can be transmitted in this manner:

  • Search terms entered
  • Frequency pages are called up
  • Utilisation of website functions

The user data collected in this manner is pseudonymised through technical precautions.

When calling up our website users are informed about the use of cookies for analysis purposes by an info banner and are referred to this Privacy Policy. This also points out how they can prevent storage of cookies in their browser settings.

2. Legal basis for data processing

The legal basis for processing personal data when using technically necessary cookies is Art. 6 (1) f of the GDPR.

The legal basis for processing personal data when using cookies for analysis purposes is the existence of the user’s consent as per Art. 6 (1) a of the GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for these functions that the browser is recognised again, including after changing pages.

The following are examples of applications that require cookies:

  • Login, shopping basket and ordering process in an online shop
  • Storing language settings
  • Storing currency settings in an online shop
  • Noting search terms

User data collected by technically necessary cookies will not be used to generate user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through analysis cookies we find out how the website is used and can thus continuously optimise our range. We use the analysis software Matomo for this purpose.

Our legitimate interest in processing personal data can also be found in Art. 6 (1) f of the GDPR.

4. Duration of storage, possibility to object and for rectification

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that are already stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.

5. Note about external cookies

Many marketing companies use cookies to measure reach and for advertising purposes. You can object to the use of these cookies,

VIII. Web analysis by Google Analytics

1. Description and scope of data processing

We use “Google Analytics” on our website. Google has been commissioned to evaluate the use of our online range by users, to compile reports about activities within this online range and to provide additional services to us connected with the use of this online range and internet use. In the process, pseudonymised use profiles can be made for users from the processed data. To do this Google places a cookie on the user’s system. The information generated by the cookie about use of the online range by the user is usually sent to a Google server in the USA and stored there.

We use Google Analytics with activated IP anonymisation. This means, the user’s IP address will be shortened by Google within member states of the European Union or in other contracting states to the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptions.

2. Legal basis for data processing

The legal basis for processing personal data is Art. 6 (1) f of the GDPR.

Google is certified under the Privacy Shield Framework and thus offers a guarantee that it complies with European data protection law.

privacyshield.gov

3. Purpose of data processing

Processing users’ personal data enables us to analyse the surfing behaviour of our users. By evaluating the data we have acquired, we are in a position to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user friendliness. Our legitimate interest in processing data for these purposes can also be found in Art. 6 (1) f of the GDPR. By anonymising the IP address users’ interests in protecting their personal data are sufficiently taken into account.

4. Duration of storage

Google will erase or anonymise the user’s personal data after 14 months.

5. Possibility to object and for rectification

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that are already stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.

On our website we offer users the possibility to opt out from the analysis procedure. This sets another cookie on your system which then signals to Google that is must not store the user’s data. If the user has since erased this cookie from their own system, they will have to set the opt-out cookie again.

Cookie Einstellungen widerrufen

6. Deactivating Google Analytics

Alternatively, users can also inform us with their browser that we should not carry out any analysis. The do-not-track technology we use is one possibility, enabling users to decide independently whether their behaviour should be tracked by websites, advertising networks or social networks. If users have set their browser to “I do not want to be tracked” external analysis code from Google Analytics will not be called up from your browser. You will find instructions for do-not-track here:

Google also offers a plugin for common browsers that, when calling up the corresponding sites with code from Google Analytics, prevents visit data from being transferred to Google Analytics via Google Analytics JavaScript (ga.js, analytics.js and dc.js). This does not prevent data being transferred to the website or to other web analysis services.

You will find the Google plugin here: how-do-i-turn-do-not-track-feature.

You will find further information about data use by Google, setting and objection possibilities in the Google Privacy Policy

policies.google.com/technologies/ads and in the setting for displaying advertising inserts by Google adssettings.google.com/authenticated.

IX. Social networks / Facebook fan page

Information about our Facebook fan page

We operate a fan page on the social network Facebook and access the technical platform and services of Facebook to do so.

The European Court of Justice (ECJ), in its ruling of 5 June 2018, decided that operators of a Facebook fan page are responsible for processing personal data together with Facebook. Therefore, we are responsible for our fan page together with Facebook (Article 26 of the GDPR). You will find the addendum for this purpose at:

https://www.facebook.com/legal/terms/page_controller_addendum

Information about our Facebook fan page

We must point out that you use our Facebook fan page and its functions at your own risk. This applies in particular to use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also call up the information offered on this site on our internet range at treuhand.de.

When visiting our Facebook page, Facebook will record your IP address and additional information that is available on your PC in the form of cookies. This information is used to provide us statistical information about the utilisation of the fan page. Facebook provides more detailed information about this matter at the following link: facebook.com/help/pages/insights

We process Facebook Insights data in our Facebook presence. This is statistical data such as the total number of calls of the site, “likes”, site activities, contribution interactions, video views, contribution reach, comments, shared contents, answers, the proportion of men and women, origin related to country, town/city and language. We do not have any influence on the data provided.

We use the data provided by Facebook to make our contributions more attractive, to address target groups directly and to find the right point in time for publication.

We use Facebook Insights data as per Article 6 (1) f of the GPDR.

The data collected about you when using our fan page is processed by Facebook Ltd. and may be transmitted to countries outside the European Union. It has to be assumed that Facebook uses the data for advertising purposes, to generate user profiles and for market research purposes. Facebook describes which information it processes in a general form in its data use policies. You will also find information there about the possibility to contact Facebook and about possible settings for advertising. The data use policies are available at the following link: facebook.com/about/privacy

You will find the full Facebook data use policy here: facebook.com/full_data_use_policy

You will find additional information in the privacy information from Facebook at facebook.com/help/568137493302217

and information about page insights data at facebook.com/legal/terms/information_about_page_insights_data.

The manner in which Facebook uses data from visits to Facebook pages for its own purposes, the scope with which activities on Facebook can be attributed to individual users, how long Facebook stores this data and whether data from a visit to Facebook is transferred to third parties has not been clearly and conclusively specified by Facebook and is not known to us.

When accessing a Facebook page, the IP address allocated to your terminal will be transmitted to Facebook. According to information from Facebook, these IP addresses will be anonymised and erased after 90 days. Facebook also stores data about its users’ terminal (e.g. using the function “Login alerts”); this may make it possible for Facebook to attribute IP addresses to individual users.

If you are currently logged in to Facebook as a user, there will be a cookie on your terminal with your Facebook identifier. This puts Facebook in a position to trace that you have visited this page and how you used it. This also applies to all other Facebook pages. Advertising and content tailored to you can be offered on the basis of this data.

If you want to prevent this, you should log out of Facebook or deactivate the function “stay logged in”, erase the cookies on your terminal, close your browser and restart. In this manner Facebook will erase information that can be used to identify you directly. So you can use our Facebook page without your Facebook identifier being disclosed. If you access interactive functions of the page (like, comment, share, news etc.), a Facebook login screen will appear. After logging in you will once again be recognisable to Facebook as an identifiable person.

You will find information about how you can administer or erase available information on the following Facebook support pages: facebook.com/about/privacy#.php.

X. Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website that can be used to make contact electronically. If the user makes use of this possibility, all the data entered in the relevant screen will be transmitted to us and stored.

The following data will also be stored at the time of sending the message:

  • The user’s IP address,
  • Date and time of registration

Your consent will be obtained to process the data during the sending procedure and you will be referred to this Privacy Policy.

Alternatively, it is possible to make contact using the email address provided. In this case the user’s personal data transmitted with the email will be stored.

No data will be transferred to third parties in this connection. The data will be used exclusively to process the conversation.

2. Legal basis for data processing

The legal basis for processing this data is the existence of the user’s consent as per Art. 6 (1) a of the GDPR.

The legal basis for processing the data transmitted when sending an email is Art. 6 (1) f of the GDPR. If the aim of the email contact is to conclude a contract, an additional legal basis for this processing is Art. 6 (1) b of the GDPR.

3. Purpose of data processing

The collection of the user’s email address is intended to deliver the newsletter.

The collection of any other personal data as part of the login procedure is intended to prevent any misuse of the services or the email address used and as proof that you have subscribed to the newsletter.

4. Duration of storage

Data will be erased as soon as it is no longer required for the purpose of its collection. Accordingly, the user’s email address will be stored for as long as the newsletter subscription is active. Due to the burden of proof this also applies to any other personal data collected as part of the login procedure.

XI. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us.

In addition, the following data is collected during registration:

  • The user’s IP address,
  • Date and time of registration/activation of the suscription

Your consent will be obtained for the processing of your data during the registration process and reference will be made to this data protection declaration.

No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing this data is the existence of the user’s consent as per Art. 6 (1) a of the GDPR.

3. Purpose of data processing

The collection of the user’s email address is intended to deliver the newsletter.

The collection of any other personal data as part of the login procedure is intended to prevent any misuse of the services or the email address used and as proof that you have subscribed to the newsletter.

4. Duration of storage

Data will be erased as soon as it is no longer required for the purpose of its collection. Accordingly, the user’s email address will be stored for as long as the newsletter subscription is active. Due to the burden of proof this also applies to any other personal data collected as part of the login procedure.

5. Possibilities to object and for rectification

Data subjects can cancel a subscription to the newsletter at any time. There is a link for this purpose in every newsletter. This also withdraws consent to the storage of personal data collected during the login procedure.

XII.   Inclusion of third-party contents and services

1. Description and scope of data processing

Within our online range we use third-party provider offers so as to include their contents and services, such as fonts, graphics, videos, maps, information etc. When calling up our website your browser will make a direct connection with the third-party provider’s servers so as to display the necessary contents. As a result, the corresponding third-party provider will receive information about the time and contents of use of this website, including users’ IP addresses. Depending on the service, additional information (e.g. geo-data for a route planner) may also be transmitted to the third-party provider.

We do not have any influence over the scope, further processing or use of data collected by third-party providers.

Third-party providers frequently use cookies so as to analyse user behaviour across different websites and to combine this information with other sources. This also applies to the use of so-called web beacons, small invisible graphics used for statistical or marketing purposes.

We refer to the third-party provider privacy policies for the concrete scope of data processing.

2. Legal basis for data processing

The legal basis for processing this data is Art. 6 (1) f of the GDPR. Third-party providers that process data outside the EU, process it in accordance with the Privacy Shield Framework.

3. Purpose of data processing

The purpose of data collection and further processing of the data can be taken from the third-party providers’ privacy policies.

4. Duration of storage

The duration of storage of the data can be taken from the third-party providers’ privacy policies.

5. Possibility to object and for rectification

You can generally prevent the integration of contents and services from third parties on our website by deactivating the use of Javascript in your browser. If the use of Javascript is deactivated for our website, it may no longer be possible to use all the functions of the website in full.

We refer to the third-party providers’ privacy policies for the possibility to object and for rectification.

6. Third-party contents and services on this website

We have integrated the following third-party contents and services:

Content Third-Party supplier

Maps from OpenStreetMap (via proxy so the user’s IP address is not transmitted to the third-party provider)

Openstreetmap Foundation
132 Maney Hill Road
Sutton Coldfield
West Midlands B72 1JU
United Kingdom

Data protection: https://wiki.openstreetmap.org/wiki/Privacy_Policy.