Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal information you provide to us and to protect it from unauthorized access. Therefore, we use extreme care and state-of-the-art security standards to ensure maximum protection of your personal data.
Information about the responsible party and data protection officer
The responsible party within the context of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
c/o Postflex #3219
Emsdettener Str. 10
No parcels or packages - acceptance will be refused!
- Personal Data. "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing. "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Restriction of Processing "Restriction of processing" means the marking of stored personal data with the aim of limiting its future processing.
- Profiling. "Profiling" is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
- Pseudonymization. "Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
- File system. "File system" means any structured collection of personal data that can be accessed according to specific criteria, whether such collection is maintained centrally, decentrally, or organized along functional or geographic lines.
- Controller. "Controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
- Processor. "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
- Receiver. "Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation, in accordance with the purposes of the processing.
- Third Party. "Third Party" means a natural or legal person, public authority, agency or other body, other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor.
- Consent. "Consent" of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Legality of processing
The processing of personal data is lawful only if there is a legal basis for the processing. Legal basis for the processing can be according to Article 6 para. 1 lit. a - f GDPR can be in particular:
- The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request;
- the processing is necessary for compliance with a legal obligation to which the controller is subject;
- the processing is necessary in order to protect the vital interests of the data subject or another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Information about the collection of personal data
In the following, we provide information about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.
When contacting us via e-mail or forms the data you provide will be stored by us in order to answer your questions.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). For this purpose, the Netlify Forms service of the hosting provider Netlify Inc. is used, which processes your mail address. You can find more details, for example, in Information on GDPR compliance of the provider. You can revoke your consent to the storage of data, the email address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
Collection of personal data when visiting our website
We do not collect any personal data when you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information. However, personal data may be collected by our hosting provider, which your browser automatically transmits to a server. If you wish to view our website, the following data may be collected, which is technically necessary to display this website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
For this purpose, this website uses Fathom, a privacy-friendly web analytics service provided by Conva Ventures Inc. based in Canada. To ensure GDPR compliance, EU isolation is enabled. Consequently, should these web pages accessed via an European IP, this IP address and the browser ID of the web browser are transmitted to German-owned servers; however, the data is not stored there, but anonymized. The resulting hash, from which your IP address and browser ID can no longer be determined, is stored for the sole purpose of determining whether further page views are made by a new visitor or an already known user. The creation of user profiles is therefore excluded.
For more details, please refer to the provider's Data Policy.