Privacy policy

Privacy policy to our website

Introduction and general information

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.


Controller within the meaning of the GDPR

In the course of providing our Internet services, Fietz Automotive GmbH, Fietz GmbH and Fietz Thermoplast GmbH (hereinafter "the responsible parties") work closely together. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible for the protection of the personal data they process to the extent described below (Art. 26 GDPR).

What did the responsible parties agree to?

Within the scope of their joint responsibility under data protection law, Fietz Automotive GmbH, Fietz GmbH and Fietz Thermoplast GmbH have set out in a written agreement which of the controllers are subject to certain obligations under data protection law and who of the controllers fulfills which obligations. In particular, the data controllers have reached an agreement on who is responsible for exercising data subject rights in accordance with Art. 15-22 of the GDPR and for fulfilling information obligations in accordance with Art. 12-14 of the GDPR.

Which processing operations are covered by the joint responsibility?

Apart from the processing operations listed above, the (further) processing of personal data is carried out in each case under the separate responsibility Fietz Automotive GmbH, Fietz GmbH and Fietz Thermoplast GmbH.

You will be informed separately by the respective controller about the areas in which Fietz Automotive GmbH, Fietz GmbH and Fietz Thermoplast GmbH act under their own responsibility.

Who of the controllers assumes which duties under the GDPR and what does that mean for you as an affected person?
Within the scope of their joint responsibility under data protection law, Fietz Automotive GmbH, Fietz GmbH and Fietz Thermoplast GmbH have agreed which of them fulfills which obligations under the GDPR and have specified this in a written agreement:

Obligation under data protection law 

Responsible company in charge of the duty and description of its implementation

Information obligations pursuant to Art. 12 et seq. GDPR and Art. 26 para. 2 (2) GDPR

Fietz GmbH: Fietz GmbH provides the information according to Art. 13, 14 GDPR in form of a privacy policy on the website.

Processing of requests to exercise data subject rights according to Art. 15-21 GDPR

Fietz GmbH: Fietz GmbH shall inform the other data controllers without delay about data subject rights asserted by data subjects pursuant to Art. 12 et seq. GDPR. They shall provide each other with all information necessary to respond to access requests or other inquiries. Requests to exercise data subject rights will be coordinated and answered by Fietz GmbH.

Data protection incidents: Fulfillment of obligations according to Art. 33, 34 GDPR

Fietz GmbH: Fietz GmbH is responsible for auditing and processing in the event of breaches of personal data protection or a security-relevant disruption in joint data processing, including the fulfillment of any notification obligations to the competent supervisory authority (Art. 33 GDPR) or notification obligations to the data subjects (Art. 34 GDPR) that may be triggered. The controllers have committed to inform each other immediately and in full if they discover errors or irregularities with regard to data protection provisions during the audit of processing activities.

Ensuring appropriate technical and organizational measures according to Art. 24, 25, 32 GDPR

Fietz GmbH: Fietz GmbH ensures the technical and organizational measures in coordination with the other controllers.

 

In addition, the responsible parties shall ensure that employees maintain the confidentiality are appropriately bound to confidentiality under data protection law and instructed guidelines on the protection of data that are relevant to them.

The Controllers shall ensure that the processing operations covered by the joint controllership are documented in their processing records pursuant to Article 30 (1) of the GDPR and that other documentation is prepared to fulfill the accountability obligation pursuant to Article 5 (2) of the GDPR.

The responsible parties shall independently ensure that the statutory provisions on the deletion of data and the restriction of data processing are complied with. The responsible parties shall observe the statutory retention obligations.

Notwithstanding the above arrangements, data subject rights can be asserted with all data controllers using the following contact details: 

Fietz Automotive GmbH
Industriestr. 9-11
51399 Burscheid
Germany
Tel.+49 21 74 - 6740
fietz@fietz.com

Fietz GmbH
Industriestr. 9-11
51399 Burscheid
Germany
Tel.+49 21 74 - 6740
fietz@fietz.com

Fietz Thermoplast GmbH
Dahlienstraße 21
42477 Radevormwald
Germany
Tel.+49 21 95 - 91110
thermoplast@fietz.com


Contact information of the data protection officer

Proliance GmbH / www.datenschutzexperte.de

Datenschutzbeauftragter
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.

 

Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.


Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG. 

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.


Webhosting

This website is hosted by an external service provider (hoster). This website is hosted in Germany by Host Europe GmbH. Personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. The legal basis for hosting is our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.


Server-Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser used and operating system used
  • (Full) IP address of the requesting computer
  • Transmitted amount of data

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes.  The log files serve to evaluate system security and stability as well as administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, to defend against attempted attacks on our web server, we store this data for a short period of time. Your IP address will only be stored for as long as is necessary to exercise, assert or defend against any legal claims.

In addition, the data is processed in anonymized form for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data, or passed on to third parties.


Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this in this privacy policy and obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be "tracked" for behavioural advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).

Please note that if you disable cookies, the functionality of our website may be limited.

Cookie-Name

Purpose

Third Party

Runtime

PHPSESSID

Session-Cookie

Server

End of a session

1P_JAR

Google-Maps

Google

1 year

APISID

Google-Maps

Google

1 year

CONSENT

Google-Maps

Google

1 year

HSID

Google-Maps

Google

1 year

NID

Google-Maps

Google

1 year

SAPISID

Google-Maps

Google

1 year

SID

Google-Maps

Google

1 year

SIDCC

Google-Maps

Google

3 months

SSID

Google-Maps

Google

1 year

_Secure-3PAPISID

Google-Maps

Google

1 year

_Secure-3PSID

Google-Maps

Google

1 year

_Secure-APISID

Google-Maps

Google

1 year

_Secure-HSID

Google-Maps

Google

1 year

_Secure-SSID

Google-Maps

Google

1 year

_ga

Google Analytics

Google

2 year

_gat

Google Analytics

Google

10 minutes

gid

Google Analytics

Google

24 hours

Collect

Google Analytics

Google

1 year

_ga_*

Google Analytics

Google

2 years

 

Change cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via this link (embed hyperlink to cookie settings).


External links to social media

On our website social media (Facebook) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will only be transferred after the redirection to the respective provider. Information regarding the use of your personal data by the website can be found in the privacy policies of the visited websites.


Our appearances on social media

In the following, you will find information on how we handle your data, which are processed through your use of our social media presence on social networks and platforms. The processing of your data is in accordance with the legal regulations.

1. Providers

1.1. Facebook Fanpage

1.1.1. Controller
In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/


1.1.2. Data protection officer of Facebook
You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use of the following link: https://www.facebook.com/help/contact/540977946302970.


1.1.3. Data processing for statistical purposes using page insights

Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means. 


2. General information on social media platforms

2.1. Controller 

The controller for data processing within the meaning of the GDPR is the company named at the beginning of this Privacy Policy, insofar as data transmitted by you via one of the social media platforms is processed by us.

2.2. Our data protection officer
If you have any concerns regarding data processing that is carried out by us as the responsible party, you can reach our Data Protection Officer at the contact details given at the beginning of this Privacy Policy.


3. General data processing on social media platforms

3.1. Data processing for market research and advertising purposes 

Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.

3.2. Data processing when getting in contact with us through social media
We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized, when the regarding circumstances are clarified.

3.3. Data processing for the purpose of performing a contract or entering a contract
If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contact. Please consider, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.

3.4. Data processing on the legal basis of consent
If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.


4. Data transfer and recipients (social media platforms)

When visiting and using the platforms listed above, a transfer of personal data to the USA or other third countries outside the EU may occur, which is why further protection mechanisms are required in these cases to ensure the level of data protection of the GDPR. For more information on whether and which suitable guarantees the providers can demonstrate for this, please see the list below.

We have no influence on the processing of your personal data by the provider and the handling thereof. Likewise, we do not have any information on this. For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options regarding data processing by the provider:

  • YouTube/Google


Data transfer and recipients (general)

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. These contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.


Processing of personal data when using the services and/or performances offered by us

Job Applications

If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data generally is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG can be a legal basis. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.


Registration FiPur
®

You have the possibility to register for certain services provided on our website and to create a user profile. We collect and use the following personal data during registration and setup:

  • First name, last name, title
  • Email address of the user
  • Date and time of registration


In addition, voluntary information can be provided (e.g. telephone number etc.). Mandatory data provided for the purpose of registration is marked with an asterisk in the input mask as a mandatory field. With your user account you will have the possibility to use further parts of our website and to log in for the offers you have purchased. If consent is given, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the provision of the requested services. Your data will be deleted as soon as the user account on our website is deleted and insofar as there are no legal storage obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a message to the responsible party named at the beginning of this privacy policy.


Contact via email

If you send us requests via email, your details, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide an email address to contact us. Your name and telephone number are optional. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, if there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.


Participation in surveys

You can participate anonymously in our surveys (e.g.: performance evaluation), so that no personal data is collected and processed by us except for the technically necessary server log files. If you send us inquiries, comments, requests or suggestions for improvement via our contact forms and voluntarily submit personal data (e.g. e-mail address, name, telephone number), your data will be stored by us for the purpose of responding to the inquiry and in the event of follow-up questions. We do not pass this data on to third parties without your consent or legal permission.

This data processing described above has its legal basis in Art. 6 para. 1 b GDPR for the implementation of necessary, pre-contractual measures, which take place following your request.


Direct marketing

Your name and address may also be processed for our own postal advertising purposes on the legal basis of Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in direct postal advertising for our own services.


Tools and services used by us

We also reserve the right to include external content from third-party providers on our Internet pages.


Google Maps

Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address.

Google uses Cookies, to collect information about user behaviour. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, Google uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.

Further information on the handling of user data can be found in Google's privacy policy:

https://www.google.de/intl/de/policies/privacy/

Opt-out: https://www.google.com/settings/ads/


Google Ads Remarketing

Our website uses Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Provided you have given us your consent, this tool enables the advertising target groups created with Google Ads Remarketing to be linked with the cross-device functions of Google Ads and Google Marketing Platform. The legal basis is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. This means, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account.

To support this feature, Google Analytics collects authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account; follow this link: https://adssettings.google.com/

As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information and the data protection provisions can be found in Google's data protection declaration at: https://www.google.com/policies/technologies/ads/.

 

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/

https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.


Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, considering the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.


Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.


Your rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to info@datenschutzexperte.de.


Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.


Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.


Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

 

Status of this privacy policy: 09.02.2022