Responsible according to the General Data Protection Regulation
Data protection officer
1. Data processing in general
We appreciate your interest in our website and our company.
2. Scope and purpose of processing
The protection of your personal data is very important to us. Your data is protected in accordance with the law, so that our data protection practice is in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and the Telemedia Act (TMA). Below you will find information about our processing of personal data and your rights:
In principle, the responsible party processes personal data only if this is necessary to maintain the functions of his website and to provide his services. The processing takes place to the extent of the consent of the user or as far as it is permitted by legal regulations.
If the responsible party obtains consent for processing, legal basis is article 6 (2)(a), GDPR. Any processing necessary to fulfill a contract to which the data subject is a party shall have its legal basis in article 6(1)(b), GDPR. This also applies to processing required for the execution of pre-contractual measures, which is carried out on request of the data subject. The legal basis for the processing of personal data required to fulfill the legal obligations of the controller is article 6 (1)(c) GDPR. Article 6(1)(d), GDPR is the legal basis in the event that vital interests of the data subject or any other natural person require the processing of personal data. Article 6(1)(f), GDPR is the legal basis for the processing of personal data when it is necessary to safeguard a legitimate interest of the business of the controller or a third party and which outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
3. Lawfulness of processing
The responsible party deletes or blocks personal data if the purpose of the storage is omitted. Storage can also take place if required by law or regulation. In particular, there may be statutory storage obligations of six years under commercial law and ten years under fiscal law. Blockages or deletions also occur if specified periods of storage end according to laws or regulations and the data for the conclusion of contract, the fulfillment of contract or the termination of contract are no longer required. Data storage is also possible for the preservation of evidence under the statute of limitations. The regular limitation period is three years, whereby limitation periods of 30 years can also be possible.
"Every access to the website of those responsible as well as every retrieval of a file stored on their website are by default logged automatically. In this case, the date and time of access, web browser and version, operating system, the website from which the user accesses the page of the responsible party and the websites that the user accesses via the website of the responsible party, as well as the ISP of the user and his IP address can be logged.
This data may be stored in the log files of the system of the responsible parties. A combination of this data with other data sources, in particular other personal data of the user, does not take place."
The temporary storage of these data and log files has its legal basis in article 6(1)(f), GDPR.
4. Storage and deletion
"The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Data storage in log files is done to ensure the functionality of the website. In addition, the responsible party uses the data to optimize the Internet presence and to ensure the security of his IT systems.
The above-mentioned purposes also represent the predominant legitimate interests of the controllers in this data processing in accordance with Article 6(1)(f), GDPR."
The data will be deleted as soon as it is no longer necessary for the realization of the purposes above. In the case of the collection of data for the provision of the Internet presence, this is the case at the end of the respective session and in the case of storage of data in log files at the latest after seven days.
5. Provision of internet presence and log files
Two types of cookies can be used on the pages of those responsible. First, the so-called session cookies, which are deleted when the browser is closed. On the other hand, the so-called persistent cookies that may remain on the computer of the person concerned for a prolonged period of time. Using the collected information, usage patterns and structures of websites can be analyzed. For example, those responsible can continue to optimize their internet presence by improving their content or personalization and making it easier to use. "
The legal basis for the processing of personal data using cookies is article 6(1)(f) GDPR.
6. Scope of processing
In the aforementioned purposes processing is necessary for the purposes of the legitimate interests pursued by the controller according to article 6(1)(f) GDPR."