The protection and confidentiality of your data is very important to us. In this document we would like to inform you which data we will collect, why we want to do so and how long we save these.
1. Name and contact details of the controller
The controller in charge, as defined in Art. 4 No 7 GDPR is:
2. Purposes as well as the legal basis of the processing of data
2.1. Provision of online services and creation of server log files
When visiting our websites, data is automatically sent to our web servers. To this data also belong:
- IP adress
- Data and time of server request
- Type and version of browser
- The operating system you use
- URL of the website visited before
- Volume of data sent
This data are processed in server log files and stored for a limited time for backup purposes. We will evaluate this data for statistical purposes and to optimise our IT-Systems. No personal evaluation will be made and no personal profile will be created.
The data of the log files are always stored separately from other personal data of the users.
An IP address belongs to the personal data, as the person standing behind it can be identified by consulting the provider. The storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be stored for the duration of the session.
The storage of the IP address in log files is necessary to ensure the security and availability of our IT systems. This is our legitimate interest in data processing. The legal basis for the processing and storage of data is Article 6 (1) (f) of the GDPR.
At the latest after 7 days the data of the server log files are deleted. In the case of further storage, the IP addresses are pseudonymized. If attacks have been detected by individual, specific IP addresses and should therefore be blocked or used for criminal charges, longer storage of these IP addresses is possible.
3. Categories of recipients of personal data
When processing personal information, we also work with external service providers (e.g., hosting providers, payment service providers). Your personal data will be passed on to the respective order processor only extent absolutely necessary for the purpose of carrying out the order. The commissioned processors are carefully selected and guarantee compliance with the provisions of the EU General Data Protection Regulation through appropriate agreements.
If there exist any statutory duties to provide information, we will transfer your data to third parties or government agencies, if we are obliged to do so by law on the grounds of an administrative order or a court order, or if we are authorised to do so because, for instance, this is required to prosecute criminal offences or to exercise and enforce our rights and claims.
Your data will not be transferred to third parties for any other purposes than those specified above.
4. Data transmission to a third country
Should personal data are to be transferred to countries outside the EU or the European Economic Area, we or the processor will do so only if the third country has been confirmed by the EU Commission to have an adequate level of data protection or an agreement on EU standard contractual clauses or similar guarantees ensures that the processing your data in accordance with European privacy standards.
5. Duration of storage, deletion
In accordance with Art. 17 GDPR we will process and store personal data of the affected party only as long as this is required to achieve the purpose of storage. Personal data can also be stored longer, if this is required under statutory provisions applicable to us.
If the purpose of storage is no longer applicable, or if a prescribed storage period expires, the personal data will be deleted or blocked on a routine basis.
6. Rights of the affected party
Each data subject has the following rights regarding the data stored about you:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure – ‘right to be forgotten’ (Art. 17 GDPR)
- Right to restriction processing (Art. 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Art. 21 GDPR)
7. Revocation of consent
Where processing of personal data is based on point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, the data subject shall have the right to withdraw his or her consent at any time. The withdrawel of consent shall not affect the lawfulness of processing based on consent until the withdrawel.
8. Right to complain to a supervisory authority pursuant to Art.77 GDPR
Without prejudice to any other administrative or judicial remedy, each data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of alleged infringement if the data subject considers that the processing concerns him / her personal data breaches this Regulation.
9. Existence of a automated decision-making including profiling
We dispense with automated decision-making and profiling.
Update: August 2018