DATA PROTECTION AS A FUNDAMENTAL RIGHT

The protection of individuals about regarding the processing of personal data is a fundamental right. In accordance with Article 8(1) of the Charter of Fundamental Rights of the European Union (the Charter) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU), everyone is entitled to the protection of personal data concerning him or her.

The principles and rules relating to the protection of individuals about regarding the processing of their personal data should ensure that their fundamental rights and freedoms, and in particular their right to the protection of personal data, are respected, regardless of their nationality or place of residence.

Natural persons should have control over their own data.

The principles of data protection should apply to any information relating to an identified or identifiable natural person. The data protection principles should therefore not apply to anonymous information, i.e. information which does not relate to an identified or identifiable natural person, or personal data which has been anonymized in such a way that the data subject cannot be identified or can no longer be identified.

INTRODUCTION

We take data protection seriously and appreciate your interest in our website. Theoretically, it is possible to use our homepage without providing personal data. However, certain services that we offer on our website may require the processing of personal data. Should this be the case, we will always point this out on the website and obtain the consent of the person concerned before processing the data.

If we process personal data, for example the name, address and e-mail address of a data subject who has entered this data, for example, via a contact form available on our website, this processing is always and in any case carried out based on the current Data Protection Regulation (DSGVO) and, of course, in accordance with the local country-specific data protection regulations. With this data protection declaration, we would like to publicly inform about the type, scope and purpose of the personal data collected, used and possibly processed by us via this website and at the same time inform data subjects about their rights.

Together with our website provider, page4 Ltd, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, due to the nature of internet-based data transmission, which can be subject to gaps, absolute protection cannot be guaranteed. Therefore, every visitor to our website is free to transmit personal data to us via alternative means, for example by post or telephone.

Explanation of the terms used here

This data protection declaration is based, among other things, on terms used by the European Directive and Regulation Maker when publishing the General Data Protection Regulation, or DSGVO for short. In order to ensure the comprehensibility of this data protection declaration, we take the liberty below of explaining the most important terms used here.

Personal Data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing;

Profiling

"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Pseudonymisation

"Pseudonymization" is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal Data is not assigned to an identified or identifiable natural person.

File System

"File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained in a centralised, decentralised or functional or geographical manner.

Person responsible for the processing of the data

“Responsible” or person responsible for the processing of data is any natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of the processing of personal data; if the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

Processor

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Recipient

The term 'recipient' means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

Third

The term "third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Consent

The term 'consent' of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

Personal Data Breach

"Personal data breach" means a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful or to the unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

Responsible for the processing of the data

The owner of this website is responsible for the processing of personal data within the meaning of Article 4 of the GDPR or other laws in force in the Member States of the European Union or the European Economic Area concerning the protection of personal data and other provisions whose nature is the protection of data. The name and address can be found in the imprint.

Cookies

When you visit our website, we may use cookies and other tracking technologies. This is partly to provide the necessary techniques and partly to evaluate the effectiveness of promotions, improve advertising measures and carry out analyses so that we can constantly optimize our service. Some functions of our website are only possible through the use of cookies. You can disable or refuse cookies, but you should be aware that this may limit or prevent your use of the website and services.

Cookies can be deactivated or removed using tools that are integrated into most browsers by default. We do not store any personal data in the cookies.

Collection of general data (log files)

When you visit our website, the servers of our provider page4 automatically store the data sent by the browser. This means the call (web address, request and response code) of the page, the IP address of the visitor, browser type, version and the date and time of the call. We need this information for statistical purposes and to combat misuse. The data is automatically deleted after 3 months.

E-Mail and Contact Form

Our website complies with the statutory provisions and therefore has details, for example in the imprint, which enable our visitors to contact us by e-mail. If a data subject contacts the data controller by e-mail or via a contact form created on our website, the personal data voluntarily provided by that person will be automatically stored for the purposes of processing or contacting the data subject. Under no circumstances will this personal data be passed on to third parties.

If you use a contact form on our website, the data you enter, which can be content from a text field, i.e. your name, address, a comment, etc., but also information about which radio box or checkbox you have selected, is sent directly without storage from the server of our provider page4 by email to the address we have stored. The data is sent to the server in encrypted form via SSL, the mail dispatch is secured with TLS. We store this information and use your data for the reasons explained in this privacy policy.

As soon as the purpose of the data collection has been achieved, the data collected from you will be deleted either manually immediately and permanently or automatically after the legally prescribed time has expired. We take appropriate measures to ensure that your data is neither lost nor altered and take all technologically available means to protect your data from access by unauthorized persons. We do not pass on your data to third parties without your consent unless this is required by law (for example in the event of misuse).

Comment Function Blog

Our website uses the blog module provided by the manufacturer, page4. The blog offers us the possibility to publish time-controlled information for the public. Visitors to our blog have the opportunity to comment on our blog articles and to reply to comments left by other visitors.

When visitors leave comments on our blog about individual articles, we store the time and IP address alongside the comment. This is done for our own security, in case written comments publish content that could have legal consequences (insult, defamation, forbidden political propaganda, etc.). In such cases, we reserve the right to use the stored data for the purpose of criminal prosecution, naturally taking into account the relevant laws and regulations. As a matter of principle, data will not be passed on to third parties unless this is required by law or the passing on serves the legal defence of the person responsible for the processing.

A published comment remains stored and thus visible as long as the blog article or our website exists or until you, as the author of the comment, exercise your right to delete and be forgotten. In this case, the explanations given below apply in accordance with the GDPR.

Guestbook

If you actively use our guestbook, i.e. leave an entry, we store the information given there in a database. In addition, we store the time of the entry and your IP address in order to be able to take legal action against misuse of our guestbook. The information you provide will remain stored as long as this guestbook is available online. The additional information such as IP address will only be stored as long as it is legally permitted or required and then irrevocably deleted. You can object to the data storage at any time. In this case, we will delete your entries immediately after proof of identity and instruct our hoster to remove the data from the database and backups. The information you provide will only be used for presentation in the guestbook and will not be passed on or used for other purposes.

Deletion of Personal Data

Personal data of the persons concerned are only stored for as long as is necessary to fulfil the purpose of the storage or insofar as this is regulated by legal directives and ordinances or regulations, as long as it is prescribed by the legislator. If the reason for storage no longer applies or if the legally prescribed storage period has expired, the personal data will be routinely and, of course, duly deleted in accordance with the legal regulations.

Right to Information According to Article 15 DSGVO

The data subject has the right to obtain confirmation from the controller whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to those personal data and to the following information:

1. the purposes of processing;
2. the categories of personal data processed;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
5. the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. if the personal data are not collected from the data subject, any available information on the origin of the data;
8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 in relation to the transfer.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless the data subject indicates otherwise.

Right to Rectification Pursuant to Article 16 of the GDPR

The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to obtain the completion of any incomplete personal data, including by means of a supplementary declaration.

Right to Erasure According to Article 17 DSGVO

1) The data subject has the right to obtain from the controller the erasure directly of personal data concerning him or her, and the controller is obliged to erase personal data directly where one of the following reasons applies:

1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
3. The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2).
4. The personal data have been processed unlawfully.
5. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data have been collected in relation to information society services offered in accordance with Article 8(1).

2) If the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to, or copies or replications of, that personal data.

Paragraphs 1) and 2) above shall not apply, among other things, to the extent that the processing is necessary

• for the exercise of the right to freedom of expression and information;
• for the establishment, exercise or defence of legal claims.

The controller of this website will, if one of the above reasons applies, promptly comply with the request for erasure. Deleted data is irrevocably deleted and cannot be recovered.

Right to Restriction of Processing under Article 18 of the GDPR

The data subject has the right to obtain from the controller the restriction of processing where one of the following conditions is met:

1. the accuracy of the personal data is contested by the data subject for a period, enabling the controller to verify the accuracy of the personal data,
2. the processing is unlawful, and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims; or
4. the data subject has objected to the processing pursuant to Article 21(1), as long as it is not yet established whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted in accordance with paragraph 1, those personal data may be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.

Right to Data Portability According to Article 20 DSGVO

The data subject shall have the right to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

1. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
2. the processing is carried out by automated means.

When exercising the right to data portability referred to in paragraph 1, the data subject shall have the right to have the personal data transferred directly from one controller to another controller where technically feasible.

The right referred to in paragraph 1 shall not affect the rights and freedoms of other persons.

Right to Object Pursuant to Article 21 of the GDPR

1. The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out based on Article 6(1)(e) or (f); this shall also apply to any profiling based on those provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
2. If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
3. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
4. The data subject shall be expressly informed of the right referred to in paragraphs 1 and 2 at the latest at the time of the first communication with him or her; this information shall be given in a comprehensible form which is separate from other information.
5. Notwithstanding Directive 2002/58/EC, in the context of the use of information society services, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.
6. The data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes as referred to in Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.

Automated Decisions in Individual Cases including Profiling Pursuant to Article 21 GDPR

1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
2. Paragraph 1 shall not apply where the decision is a) necessary for the conclusion or performance of a contract between the data subject and the controller, b) is permitted by Union or Member State law to which the controller is subject, and that law contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, c) or is carried out with the explicit consent of the data subject.
3. In the cases referred to in points (a) and (c) of paragraph 2, the controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include, at least, the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and to contest the decision.

The Right to Withdraw Consent to the Processing of Data at any time

Any person affected by the processing of personal data has the right to withdraw consent to the processing at any time. To do so, the data subject must contact the personal data controller and assert the revocation.

Privacy Policy for the use of Google Analytics

We use the Google Analytics service of Google Inc. for our website. Google Analytics uses so-called cookies, which enable an analysis of the use of the website. The information generated by the cookie about the visitors is usually transferred to servers in the USA operated by Google and stored there. We use the so-called IP anonymization setting provided by Google. This means that your IP address is automatically shortened by Google for visitors from the member states of the European Union and from other states that have signed up to this treaty before being transferred to Google's US servers and thus "depersonalized". Only in exceptional cases does the shortening take place after the transfer to the USA. Google uses the transmitted data on our behalf to analyse and evaluate the use of our website and to compile corresponding reports for us. This is solely for the purpose of improving our service and coordinating measures to provide effective advertising for us. The IP address transmitted within the scope of Google Analytics will not be merged with other Google data. An installation of cookies due to Analytics can be prevented by appropriate browser settings. However, we would like to point out that in this case, we cannot guarantee the full functionality of our website. You can object to the collection and storage of your IP address and the data transmitted via cookies at any time, with effect for the future. You can find out what Google does with your data in Google's privacy policy. You can prevent cookies from being stored for Analytics by using an appropriate plugin for your browser. You can prevent the collection of data by Google Analytics by activating a so-called opt-out cookie with this link, which prevents the future collection of your data when visiting our website.

Google Web Fonts

Our website uses web fonts provided by Google for the uniform display of fonts. Google Fonts is a service of Google Inc ("Google"). The integration of these web fonts takes place via a server call, usually a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google. You can find more information in Google's privacy policy, which you can access here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

SSL

For the https encryption of our page4 website, our provider page4 uses the free service "Let`s Encrypt". The integration of the SSL certificates allows a so-called transport encryption of the data. Likewise, all data that a visitor to our website enters, for example in a contact form, is sent in encrypted form and is thus protected from access by third parties. You can find more information on the Let`s Encrypt website. 

Legal Basis for the Processing of Personal Data

Article 6 of the GDPR serves as the legal basis for the processing of personal data on and through our website. We only process data if at least one of the following reasons applies:

1. the data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is party or necessary for the performance of pre-contractual measures carried out at the data subject's request;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Storage Period of Personal Data

The personal data collected and processed by us will only be stored as long as this is required by law or as long as the purpose of this processing has not yet been fulfilled, provided this does not contradict the legal requirements. After expiry, the corresponding data is automatically and permanently deleted, unless it is still necessary for the fulfilment of a contract.