PRIVACY POLICY

PRIVACY POLICY

We appreciate your visit to our website. Data protection is very important to us and we want you to feel secure while visiting our website.

Therefore you may visit our website without disclosing your personal data. However, if you are utilising certain functions, services or offers on our website we may process personal data. We collect, process and use personal data only to the extent you have agreed to the collection and processing or if an applicable statutory principle is present.

We reserve the right to amend the privacy policy with effect to the future at any time. The current version is available on our website for review, storage or for printing at any time. Below we will provide detailed information regarding the type, extent and purpose of the personal data we collect, use and process and explain your rights to you as the data subject.

 

1. NAME AND ADDRESS OF THE DATA CONTROLLER

 

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:

Niklas Hanitsch
Datenschutz hoch 4 GmbH
Oevelgönne 4b)
22605 Hamburg
Tel. +49 40 809 081 146
E-Mail: hanitsch@daten4.de
Website: www.daten4.de

 

2. ACCESS DATA IN SERVER LOG FILES

 

We store access data in so-called server log files automatically each time our website is visited.

This includes the date and time of the visit.

The temporary storage of the IP address by the system is necessary for the provision of the website to your device.For this, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and the log files is Article 6 (1)(f) GDPR.

This data is analysed for the sole purposes of delivering a smooth, uninterrupted operation of the website and improving the content of our website, as well as for transmission to law enforcement
authorities in the event of a cyber attack and to ensure the security of our IT systems.

Your data is not analysed for marketing purposes in this context.
In this context our legitimate interest also lies in the processing of data pursuant to Article 6 (1)(f)
GDPR.

Die Daten der Server-Logfiles werden getrennt von allen durch Sie im Übrigen angegebenen personenbezogenen Daten gespeichert.

Die Erfassung der Daten zur Bereitstellung der Website und die Speicherung der Daten in Logfiles ist für den Betrieb unserer Website zwingend erforderlich. Es besteht folglich keine Widerspruchsmöglichkeit.

 

3. USE OF COOKIES

 

We use so-called cookies on our website to make your visit to our website more attractive, and to enable you to use certain functions. These are small text files that are installed by a browser and
stored on your device.
Many cookies contain a so-called cookie ID. It consists of a character string through which websites and servers can be assigned to a specific browser in which the cookie was stored. Most of the cookies we use are deleted when the browser session ends (“session cookies”). However, the “persistent cookies“ remain on your device.

The following data is stored and transmitted in cookies: language settings, search terms entered. Your data that is collected on our website is pseudonymised by technical means. It is therefore no longer possible to assign your identity to this data. The data is not stored together with your other personal data.

The legal basis for the processing of personal data using cookies is Article 6 (1)(f) GDPR.

The purpose of using technically essential cookies is to make our website easier for you to use (e.g. your settings are stored). Some website features will not be available without the use of cookies, as they require that your browser be recognised even after a change of pages. Disabling or deactivating cookies may limit the functionality of our website.

The analytical cookies are used to improve the quality of our website and its content. The analytical cookies tell us how you use the website and this allows us to continually optimise our offerings. In this context our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1)(f) GDPR.

Some of the third-party services embedded on our website may use cookies. Please see the websites of the providers concerned for information about their function and data processing. The services we use are evident from this Privacy Policy.

Cookies are stored on your device and transmitted to our website. This means you have control over the use of cookies. You can set your browser so that you are informed about the use of cookies and can decide whether to accept them individually, deactivate the acceptance of cookies generally or just in certain cases, or set your browser to prevent the placing of cookies thereby rejecting the placement of cookies permanently. You can also use your browser to delete cookies that have already been stored. The transmission of Flash cookies cannot be prevented using your browser settings, but by changing the Flash Player settings. This also applies to all the third-party provider cookies shown below.

 

4. EMBEDDING YOUTUBE

 

On our website we embed videos from the social network youtube.com which is run by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

When you visit our website, your browser establishes a direct connection to the YouTube servers. Your browser is automatically prompted by the relevant video embedded on our website to download a display of the corresponding YouTube component. During this technical process, YouTube receives information about which specific sub-page of our website you are visiting. If you use the videos, the relevant information – e.g. the play button being pressed – is sent to YouTube by your browser, possibly linked to your user account and stored. The legal basis for the use of your data is Article 6 (1)(f) GDPR. In this context our legitimate interest in processing your data lies pursuant to Article 6 (1)(f) GDPR in
the, optimisation and economic operation of our website. If you are logged into your personal Google account while visiting our website, YouTube can assign the visit and specifically the subpages of our website visited to your account.
If you do not have a Google account, it is still possible that YouTube stores your IP address. If you do not want your data to be processed in this way, you must log out of your Google account and delete your cookies before visiting our site.

You can object to the use of your data by Google at any time by clicking on the following link:
https://adssettings.google.com/authenticated

For further information about data protection, please see YouTube’s privacy policy:
https://www.google.de/intl/de/policies/privacy/.

 

5. EMBEDDING THIRD-PARTY CONTENT

 

We embed some third-party content on our website, such as maps from Google Maps and Apple
Maps, RSS feeds or graphics from other websites/providers. To display this content, your IP address has to be transmitted to the third-party provider. To do this your browser establishes a direct connection to the relevant third-party provider‘s servers when you visit our website.
Your browser is automatically prompted by the relevant content embedded on our website to download a display of the corresponding third-party provider component. During this technical process, the third-party provider receives information about which specific sub-page of our website you are visiting.

The legal basis for the use of your data is Article 6 (1)(f) GDPR.
In this context our legitimate interest lies pursuant to Article 6 (1)(f) GDPR in the analysis, optimisation and economic operation of our website. The third-party providers may also use “web beacons” for statistical or marketing purposes. Web
beacons can be used to evaluate further information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on your device and may, among other things, include technical information about the browser and operating system, referrer URL, visit time and other information about your use of our website. This information may also be linked to such information from other sources.
You can object to the use of your data by Google at any time by clicking on the following link:
https://adssettings.google.com/authenticated

 

6. E-MAIL AND CONTACT FORM

 

Due to legal requirements, we provide information on our website which enables quick electronic contact as well as direct communication with us. This includes both our e-mail address and our contact form. If you contact us by e-mail or using our contact form, the personal data transmitted by you is stored automatically. Other personal data processed in the course of your contact with us is used to prevent misuse of the contact form and ensure the security of our IT systems.

The legal basis for processing the data transmitted in the course of sending an e-mail is Article 6 (1)(f) GDPR. If the purpose of contacting us is to conclude a contract, the additional legal basis for processing is Article 6 (1)(b) GDPR. We use the personal data you provide exclusively to process your specific query. The data you provide is always treated as confidential. Your details may be stored in a customer relationship management system (so-called CRM system) or another customer data organisation tool.

The data is deleted as soon as it is no longer needed for the specific purpose for which it was collected. In the context of personal data from the contact form input screen and personal data sent by e-mail this is the case when the conversation with you is finished. The conversation is finished if it is evident from the circumstances that the matter in question has been conclusively resolved.
If you contact us you can object, at any time, to the storage of your personal data. It will not be possible to continue the conversation in this case.

 

7. DATA SECURITY

 

We use a number of technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. However, despite regular controls, complete protection against all risks is not possible and we cannot guarantee it. For this reason you may, at any time, provide us with your personal data by other means, for example by telephone or mail.

 

8. LEGAL BASIS FOR PROCESSING PERSONAL DATA

 

If we obtain your consent to personal data processing, Article 6 (1)(a) GDPR applies as the legal basis for processing personal data.
Article 6 (1)(b) GDPR is the legal basis for processing personal data that is required for the performance of a contract to which you are a party. This also applies to processing that is required for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR applies as the legal basis. If personal data processing is necessary to protect your vital interests or the vital interests of another natural person, Article. 6 (1)(d) GDPR applies as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and freedoms do not override the former interest, Article 6 (1)(f) GDPR applies as the legal basis for processing.

 

9. LEGITIMATE INTERESTS IN PROCESSING

 

Where the processing of your personal data is based on Article 6 (1)(f) GDPR, our legitimate interest, unless specified otherwise, is to conduct our business activities. Otherwise, we have stated our purposes and interests in each case in the context of the processing list above.

 

10. DATA ERASURE AND PERIOD OF RETENTION

 

Your personal data is erased or blocked as soon as the purpose of its retention no longer applies or you withdraw your consent. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. If the retention purpose is not applicable, if you withdraw your consent or if a retention period prescribed by the European legislator or another competent legislative body expires, the personal data is routinely blocked or erased in accordance with legal requirements unless further retention of the data is needed to conclude a contract or fulfil a contract.

 

11. RIGHT OF ACCESS

 

You also have the right, at any time, to obtain information free of charge regarding the stored personal data relating to you and to receive a copy of this information. You also have the right of access regarding the following information:

    1. the processing purposes,
    2. the categories of personal data that is processed,
    3. the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations,
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the
      criteria used to determine that period,
    5. the existence of a right to rectification or erasure of the personal data relating to you or of a restriction
      of processing by the data controller or of a right to object to such processing,
    6. the existence of a right to lodge a complaint with a supervisory authority,
    7. where the personal data is not collected from the data subject, any available information as to its
      source,
    8. the existence of automated decision-making, including profiling as defined in Article 22 (1) and (4) of
      the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You also have a right of access to information as to whether personal data has been transferred to any third country or international organisation. If this is the case, you also have the right to be given information about the appropriate guarantees in connection with the transfer.

 

12. RIGHT TO RECTIFICATION

 

You have the right to request that incomplete personal data pertaining to you is completed and/or inaccurate data is rectified without delay. We must make the rectification without delay.

 

13. RIGHT TO RESTRICT PROCESSING

 

You have the right to obtain the restriction of processing by us if one of the following conditions is met:

    1. The accuracy of the personal data is contested by the data subject, for a period which allows the data controller to verify the accuracy of the personal data.
    2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
    3. The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
    4. The data subject has objected to processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the data controller override those of the data subject.

If processing of your personal data has been restricted, this data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.

If the restriction on processing was restricted in accordance with the conditions above, we will inform you before the restriction is lifted.

 

14. RIGHT TO ERASURE

 

You have the right to ask us to erase personal data pertaining to you without delay provided one of the following grounds applies and provided processing is not necessary:

    1. The personal data was collected or otherwise processed for purposes for which it is no longerrequired.
    2. The data subject withdraws the consent on which the processing relies according to Article 6 (1)(a) GDPR, or Article 9 (2)(a) GDPR, and there is no other legal basis for the processing.
    3. The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
    4. The personal data data was processed unlawfully.
    5. Erasure of the personal data is required to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
    6. The personal data was collected in relation to the offer of information society services under Article 8 (1) of the GDPR.

Where we have made the personal data public and, as the controller, are obliged pursuant to Article 17 (1) GDPR to erase the personal data, we shall take reasonable steps including technical measures, taking the available technology and the cost of implementation into account, to inform other controllers who process the disclosed personal data that the data subject has requested the erasure by these
other controllers of any links to this personal data or copies or replications of this personal data insofar as the processing is not necessary.

The right to erasure does not apply if processing is necessary:

    1. to exercise the right of freedom of expression and information;
    2. to fulfil a legal obligation which requires processing under the law of the Union or of the Member States to which the data controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health pursuant to Article 9 (2)(h) and (i) and Article 9 (3) GDPR;
    4. for archiving purposes in the public interest, scientific research or historical research purposes or statistical purposes as defined in Article 89 (1) GDPR where the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of that processing; or
    5. for the establishment, exercise or defence of legal claims.

 

15. RIGHT TO BE INFORMED

 

If you have exercised the right to have us rectify, erase or to restrict processing, we are obliged to inform all the recipients to whom the personal data pertaining to you has been disclosed of this rectification, erasure or restriction on processing of the data unless this proves impossible or involves a disproportionate effort.

You have the right to ask us to inform you of these recipients.

 

16. RIGHT TO DATA PORTABILITY

 

You have the right to receive personal data relating to you which you provided to us in a structured, commonly used and machine-readable format. You also have the right to request that we transmit this data to another controller without hindrance if the processing relies on consent as defined in Article 6 (1)(a) GDPR or Article 9 (2)(a) GDPR or on a contract pursuant to Article 6 (1)(b) GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority vested in the data controller.

In exercising your right to data portability pursuant to Article 20 (1) GDPR, you also have the right to have the personal data transmitted directly from one controller to another provided this is technically feasible and does not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

 

17. RIGHT TO OBJECT

 

You have the right, at any time, to object to the processing of personal data concerning you which is based on Article 6 (1)(e) or (f) GDPR, on grounds relating to your particular situation. This also applies to profiling based on those provisions.

In the case of an objection we no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such advertising. This also applies to any profiling to the extent that it is related to such direct marketing. If you object to the processing by us for direct marketing purposes, we will no longer process your personal data for these purposes.

You have the right on grounds relating to your particular situation, to object to processing of personal data concerning you which we use for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR unless this processing is necessary for the performance of a task carried out in the public interest.

You can contact us at any time to exercise your right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

18. RIGHT TO WITHDRAW CONSENT

 

You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

 

19. RIGHT TO AUTOMATED INDIVIDUAL DECISION- MAKING, INCLUDING PROFILING

 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which will have a legal effect on you or similarly significantly affects you if the decision

    1. is not necessary for entering into or performing of a contract between you and ourselves or
    2. is authorised by Union or Member State law which applies to us and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    3. is made with your explicit consent.

If the decision

    1. is necessary for entering into or performance of a contract between you and ourselves or
    2. is made with your explicit consent,

we will implement suitable measures to safeguard your rights and freedoms and legitimate interests, and at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

 

20. EXISTENCE OF AUTOMATED DECISION-MAKING

 

We do not undertake any automated decision making or profiling.

 

21. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

 

Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

 

22. LEGAL OR CONTRACTUAL REQUIREMENTS TO PROVIDE PERSONAL DATA. NECESSITY FOR THE CONCLUSION OF A CONTRACT. OBLIGATION OF THE DATA SUBJECT TO PROVIDE THE PERSONAL DATA. POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE SUCH DATA

 

We inform you that the provision of personal data is, in part, prescribed by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information about the contractual partner). It is sometimes necessary, for the purposes of concluding a contract, for a data subject to provide us with personal data which must subsequently be processed by us. For example, you are required to provide us with your personal data if you enter into a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.

STAND: May 2018